On May 25, 2018, the General Data Protection Regulation (GDPR) came into force. The regulation aims at harmonizing rules for the processing of personal data within the EU.
The GDPR contains a set of rules regarding the collection and processing of personal data of individuals, as well as the rights of data subjects.
The collection of data must be based on valid lawful basis – such as, for example, the data subject’s consent, the processing being necessary for a contact one has with the data subject, the legitimate interest of the controller, or a legal obligation. Data controllers must provide clear and legible information on the scope and purpose of the data they collect.
Individuals whose data is being collected have the right to access their data processed by other entities, the right to obtain copies of such data, as well as the right to correct or delete them, in addition to other rights granted under the GDPR.
Although many of the rules currently in force have applied in Poland prior to the GDPR, the sanctions for breaching the data processing principles, currently reaching up to EUR 20 million or 4% of the global turnover, are new.
You can access more information about implementation of the GDPR at Qualitime by clicking this link.