As we continue to wait for the President's signature on the whistleblower protection act, when it is already clear that labour law violations will not be covered by the act, it's worth taking a gander at the processing of personal data, violations of which have always been included in this catalogue. 

So let's answer the following questions already now: 

• When was the last time we had an audit of personal data processing in connection with employment?
• Have the information clauses we use ever been updated? 
• Do we consciously choose data processors and sign data processing entrustment agreements, the content of which is not imposed on us by them? 
• Do we have a well-organized functioning of communication paths with data subjects? 
• Do we know who in the organization is responsible for realizing the rights of data subjects, e.g., the right to information or copies of data? 
• Do we do a DPIA before introducing solutions based on artificial intelligence systems? 

And novelties: 

• Do we have properly organized access to the data reported by the whistleblower?
• Do we have information clauses ready and do we know to whom and how to implement information obligations?
• Are we able to manage the processing of data so that the principles of minimization, purpose limitation and storage limitation are ensured? 

These are, of course, only examples of issues. 

Can the revision of the Employers' Guide announced in late May by the President of the Data Protection Authority make a difference in strengthening data protection? 

Yes. This guide should serve as a kind of roadmap for employers, bringing them answers to key questions that may arise in connection with the application of data protection regulations in employment. Employment understood more broadly - including those employed on a basis other than an employment relationship. 

Is this the case now? No. The guide was created at the very beginning of the application of the GDPR. It has not been consulted or updated. Many of the issues it raises need to be revisited and proper guidance given. Employers are already looking into it less and less, knowing that it significantly deviates from reality. 

What can employers do to make the handbook a real support for them? 
They can get involved in the consultation process by providing comments, questions and suggestions for change.

How to do it? 
By sending a message to: poradnik_naruszenia@uodo.gov.pl
Alternatively, to the following address: dominika.dorre-kolasa@raczkowski.eu
We are waiting for comments until the end of June.  
 

Find more in the PRO HR June 2024