Amendment to the Personal Data Protection Act

On April 15, 2014 an amendment to the Act on the Protection of Personal Data comes into force. We bring you a summary of the most important changes:

- collection of personal data by copying, scanning or recording official documents on an information carrier will be permitted without the consent of the person concerned, if the information is collected for the purpose of creating an employment or similar relationship,
- removes the obligation to draw up a security directive for operators of information systems connected to the Internet not containing “special categories” of personal data or systems not connected to the Internet,
- also removes the obligation to inform authorized persons of the wording of the security directive,
- the record of instructing the authorized person no longer contains legally mandated content,
- removes the obligation to entrust a responsible person for operators with more than 20 authorized persons, whereby if the operator does not entrust a responsible person they must notify the Office for Personal Data Protection about their information systems (replacement for registration of information systems),
- the responsible person can also be the executive (managing director) of the operator,
- the entrusting of the responsible person will no longer need to include the instruction of the responsible person as an authorized person,
- the registration of information systems becomes a notification obligation, and it can be fulfilled electronically on the website of the Office without an advanced electronic signature (already existing registration information systems will be considered notification of information systems),
- reporting the information system no longer requires the inclusion of a description of the conditions of personal data processing,
- there is no longer a fee obligation (20 euros) for notification (registration) of an information system,
- there is a reduction in the levels of fines, some of which have become discretionary, i.e. the Office may but does not have to impose a fine,
- the time limit for compliance for contractual relationships between controllers and processors has been extended (up to 01.07.2015).

Please contact us if you are interested in finding out more about this issue. We would be pleased to offer you legal services in this area.

Share to Facebook
Share to Google Plus

Comments are closed.