Representants of the Personal Data Protection Office took part to the Workshop of the General Directors of the public function in the series “Management and leadership”, which took place on the 31st of May 2021. The purpose of the event has to present question on personal data protection related t the current implementation by general directors of ministries, central offices and provincial tasks.
The meeting was a great occasion to understand the actual challenges connected to the implementation of the General Data Protection Regulation (GDPR). The workshop has also assessed the three years period of implementation of the GDPR. Guests, Doc. Wojciech Federczyk, director of the National School of Public Administration, and Dobrosław Dowiat-Urbański, Chief of the Civil Service, during the opening speech have underlined the high importance of the personal data protection related to the technological progress.
Mirosław Sanek, the vice president of the Personal Data Protection Office, has remembered that the personal data protection legislation is not a new juridical act. He has underlined that the General Data Protection Regulation (GDPR) is directly applicable and its tasks is to guarantee the unanimity of legal legislations.
Monika Krasińska, the Director of the Juridical Dep. And Legislation of the Personal Data Protection Office, in her speech entitled “Implementation of personal data protection principles in the working organization of the Public Function” has underlined the importance of the organizational culture also in the field of personal data protection.
Pursuant to what she said, the function of the CEO shall arise a series of doubts connected to the personal data protection. Which is its role? Where it starts and where it ends its responsibility? Which are its tasks and its obligations planned by disposals of personal data protection? Answering these questions is not always easy and can be a challenge for Ceos.
Furthermore, Monika Krasińska stressed that the protection of personal data does not only concern the provisions of the GDPR, but also other national legislation. In addition, the protection of personal data concerns every official, not only the CEO or the data protection officer who advises the controller.
During the meeting, the Directors-General became aware of the decisions of the supervisory authority resulting from breaches of the protection of personal data, submitted by Andrzej Zielonkaz to the Control and Violations Department of the Office for the Protection of Personal Data. He spoke of examples of personal data breaches that are the result of various types of unwanted events, including omitting some elements of the personal data protection system. As you pointed out, each controller is obliged to build its own system of protection of personal data. To create such a system, it is necessary to know all the processes that take place in the organization.
The representative of the Control and Breaches Department of the Office for the Protection of Personal Data also discussed issues related to personal data breaches, referring to the current situation related to the spread of Covid-19 virus. Personal data protection breaches can very often occur when personal data is transferred to unsecured carriers or when correspondence is sent to an incorrect address.
In order to ensure adequate protection of personal data, training courses for employees are useful.
SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELLA POLONIA – UODO