VGS corporate lawyers
London

+44 2039665531

Milan

+39 0250043613

  • Home
  • Who we are
  • Practice Areas
    • Company law
      • Setting up a company in Italy
      • Corporate governance
      • Bankruptcy
    • Debt Recovery & Credit Collection
    • Arbitration and Mediation
    • Contracts
      • Acquisition Finance
    • White collar crimes
    • Data protection and GDPR
  • People
    • Avv. Valentina Giarrusso
    • Avv. Flavia Di Pilla
    • Avv. Silvia Pellegrini
    • Avv. Giuseppe Ganci
    • Avv. Valentina Improta
    • Dr. Fabrizio Di Patti
    • Avv. Salvatore Fasciana
    • Dr. Yasine Ajlane
  • News & Blog

General Data Protection Regulation Fines and Penalties – Poland

  • by VGS' Editorial Board
  • 3 May 2019
  • Comments (2)

One year after GDPR entered into force, it is possible to observe first penalties and fines imposed by different Data Protection Authorities to several undertakings. This brief analysis is useful to provide insights and clarifications over possible misapplications of GDPR and related consequences. 

Country: Poland | Industry: Software | Company: Bisnode | Non-Compliance: Lack of communication with data subjects 

 A first and radical decision released by the Polish Data Protection Authority (“UODO”) involves the common practice of obtaining personal data not directly from the data subject. The €220.000 fine has been handed to a Sweden-headquartered digital marketing company that has an office in Poland after it failed to comply with Article 14 of the GDPR.

Art. 14 of GDPR states information to provide where personal data have not been obtained directly from the data subject. In that case, data controller shall provide data subjects with relevant information such as: identity of controllers and Data Protection Officer, categories of data processed, purpose of processing, recipients of personal, the period for which the personal data will be stored, the right to lodge a complaint with a supervisory authority et cetera. 

Polish Data Protection Authority requires also that Bisnode contact all data subjects in order to fulfil Article 14 obligations. However, the amount of data subjects involved is close to six million. This is a radical decision because of the interpretation of “disproportionate efforts” in relation to the obligation to provide information. In fact, Recital 62 clearly states that it would not be necessary to impose the obligation to provide information where it is not possible or would involve a disproportionate effort. 

However, as stated by the UODO, whoever involved personal data collection from public registers and other online sources it should be required to shape the business on such activities. Furthermore, UODO stated that Bisnode did not fulfil its obligations under art. 14 by publishing in its website a statement declaring it has complied the GDPR. In fact, fulfilling the communication obligation requires an active approach. A passive notification under a tab on a website, as Bisnode did, cannot be defined as an active approach. Moreover, active notification approach has been affirmed by Article 29 Working Party in its Transparency Guidelines adopted on 29 November 2017.

  • Data Protection
  • GDPR
  • Share:
Previous Article: Enforcement proceedings by distraint
Next Article Trademark registration in Italy

Practice Areas

  • Company law
  • Debt Recovery & Credit Collection
  • Arbitration and Mediation
  • Contracts
  • White collar crimes
  • Data protection and GDPR

Free Consultation

    Tags

    Airbnb Arbitration Artificial Intelligence Auditing Brexit Company Law Company Shares Consent Contracts Cookies Copyright Coronavirus Data DataProcessing Data Protection DPO European Union Eviction Free Title GDPR HealtData HouseHold Agreements Islamic Law Italian Bankruptcy Law Italian Company Law Italian Corporate Law Italian Criminal Law Italian Debt Recovery Italian Entry Visa Italian Intellectual Property Law Italian Legal Advice Italian Privacy Italian Tax Legal guide MedialTreatment Mediation Partnership Patient Personal Data Privacy Processing Research Startup Warranty White Collar Crimes

    Social Links

    • Facebook
    • Instagram
    • LinkedIn

    See also:

    VGS Lawyers

    VGS - Family Lawyers

    © Copyright 2021 | VGS Corporate Lawyers | All right reserved.

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.OkPrivacy policy