GDPR has reached consciousness of many people

A summary of the experience of 12 months of application of the GDPR rules and the presentation of the emerging European e-learning platform dedicated to the protection of personal data were the main topics discussed during the meeting "GDPR for a year with us. E-OpenSpace project."

The event took place on 30th May 2019 in Warsaw and was organized by the Personal Data Protection Office in cooperation with the Jagiellonian University.

One year after the application of the GDPR

In the opinion of Piotr Drobek, director of the Analysis and Strategy Team at UODO, until now, Member States, including Poland, have focused on harmonizing practices in the application of the General Data Protection Regulation (GDPR). The guidelines of the European Data Protection Board proved necessary, without which national data protection authorities were exposed to measures that prevent consistency. In turn, domestic activities were used to organize the legislative sphere to strengthen the data protection system.

In the first period of applying the GDPR, problems were not avoided. Among others, there were difficulties with understanding the role of the authorization to processing personal data. In addition, Piotr Drobek pointed out that the GDPR became the subject of discussion about problems that were not new. For example, the information obligation, in his opinion, has been rediscovered, although it has existed since 1990.

The use of the GDPR is also associated with benefits related to, e.g., increasing Poles' awareness of their rights. According to Piotr Drobek, this is proved by, among others a significant number of complaints received by the UODO in the first year of application of the GDPR. The professionalization of staff dealing with personal data protection is also visible.

On the other hand, Katarzyna Kos from the Jagiellonian University, pointed out difficulties in interpreting e.g. certain concepts and provisions contained in the GDPR in relation to national law, which makes many controllers’ experience difficult. In her opinion, the challenge is to put in order the situation of natural persons conducting business activity. As the only economic entities they can be not only a controller, but also a data subject. It may lead to differentiation of the rights of entities conducting business activity.

Stop with the ”wild knowledge”

In the first period of applying the GDPR, a huge demand for knowledge in the field of the GDPR was revealed. According to the latest research by the European Data Protection Board, which was quoted by Marta Otto, deputy director of the International Cooperation and Education Team at UODO, 67% of European Union citizens have heard about the GDPR, and 36% know what the regulation is related to. However, 57% of respondents said they were aware of the existence of a national public authority responsible for protecting their data protection rights.

Also UODO has undertaken and continues to implement many activities that facilitate the application of the GDPR. Among them are guides and guidelines, trainings for various sectors as well as helplines.

According to PhD Przemysław Tacik from the Jagiellonian University we can distinguish two main stimuli to acquire and spread knowledge about the GDPR:

  • raising awareness of rights and methods of exercising them,
  • dissemination of knowledge about obligations and penalties for non-compliance.

At the same time, the Jagiellonian University expert pointed out the difficulties in educating about the GDPR:

  • versatility and multifaceted application of the regulation,
  • specificity of the GDPR as an act of EU law,
  • separate categories of personal data,
  • high requirements imposed on private entities.

He also drew attention to the risks associated with the phenomenon of "wild knowledge". We deal with it when people accept knowledge of a legal act and create false beliefs about it. According to Przemysław Tacik, this is an unavoidable phenomenon, which is why legal education is necessary to dispel any doubts.

Novelty in teaching about the GDPR

During the past event, the project "e-OpenSpace - European Innovative Open Platform for Electronic Networking  and Sustainable Provision of Adult Centered Education in Privacy and Personal Data Protection" was presented. The result will be a publicly available e-learning platform that will enable people teaching about the GDPR to create training programs, and for anyone interested in broadening their knowledge on data protection self-education. The platform is created as part of an international project in cooperation with UODO and UJ, in which partners from Bulgaria, Croatia and Italy also participate. It is financed by the European Commission from the Erasmus + Program.

2020-03-30 Metadane artykułu