GDPR - half-year balance
In the past six months, problems with the application of the new law and inappropriate, sometimes even absurd practices caused by the fear of high fines have focused the public attention in a special way. Meanwhile, in their shadow, both entrepreneurs and public administration as well as all other entities obliged to apply the GDPR introduce many valuable solutions that favor better protection of our personal data - wrote PhD Edyta Bielak-Jomaa, President of the Personal Data Protection Office in a special letter summarising the first half of the year with GDPR.
Benefits of the GDPR
The analysis of the applied practices proves that the new law has resulted in a change of the approach to personal data protection as well as in many beneficial solutions. Among the most important and the most noticeable effects, it is worth mentioning:
- increased importance of personal data protection and privacy issues,
- analysis and organization of processes related to the processing of personal data by companies and institutions - including verification of databases, deletion of unnecessary and obsolete data, training of personnel,
-faster response to submitted requests,
- rewording of information clauses, their simplification and more frequent use of language understandable to the recipients,
- informing people about the violation of the protection of their personal data. This enable them to quickly take effective measures to protect them from the negative consequences of the infringement,
- appointing data protection officers (DPO) - professionals in the field of data protection - even by companies that are not obliged to do so, which means that the activities related to the processing of personal data are supervised by a specialist, what increases the level of data protection. Additionally, customers gain a contact point and help in solving problems related to the use of their personal data by a specific entity,
- change of practices used by global players, who include in their activities the GDPR standards.
Compliance is a continuous proces
Despite many positive changes, you still need to work on improving the applied solutions and procedures. It is worth recalling that ensuring compliance with the GDPR is a continuous process, not a one-off operation. In the opinion of UODO, it is still worth to:
- deepen knowledge about the provisions on the protection of personal data, including the GDPR,
- make greater use of the flexibility and freedom of action provided for in the GDPR,
- improve risk assessment, among others to take greater account of the risks which is posed to data protection while using modern technologies and the Internet; as we often see only the benefits of computerization,
- introduce solutions aimed at increasing the protection of children.
UODO suggests how to better use the GDPR
At the same time, in order to facilitate the further daily application of the GDPR and the rights it generates, the Personal Data Protection Office - based on the diagnosed most common problems and errors - has prepared two sets of practical tips: for controllers and for individuals. They should be helpful in the usage of the GDPR every day.