Łukasz Rutkowski
Łukasz Rutkowski, attorney-at-law, advises clients from a range of industries, including financial services, banking, e-commerce, IT, logistics and FMCG. He has participated in GDPR implementation projects and compliance audits. He analyses products, processes, IT solutions (software, mobile apps) and services (e.g. using profiling, AI and the internet of things) for compliance with data protection regulations (including industry regulations) and e-privacy regulations.He supports clients in conducting data protection impact assessments and handling data subject requests.
This is the third in a series of articles in which we discuss the duties of a data controller with respect to data protection breaches in the employment context, drawing on Guidelines 01/2021 on Examples regarding Personal Data Breach Notification adopted on 14 December 2021 (version 2.0) from the European Data Protection Board (EDPB).
This is the second in a series of articles in which we discuss the duties of a data controller with respect to data protection breaches in the employment context, drawing on Guidelines 01/2021 on Examples regarding Personal Data Breach Notification adopted on 14 December 2021 (version 2.0) from the European Data Protection Board (EDPB).
Responding appropriate to a data breach is one of the fundamental duties of data controllers under the EU’s General Data Protection Regulation (GDPR). But practice shows that complying with these duties often poses major problems for data controllers, including when the breach occurs in an employment context. These difficulties include in particular assessing:
- Whether a breach has occurred
- The risk associated with the breach
- What legal duties are imposed on the data controller in relation to the breach
- What measures should be implemented in connection with the breach.
The upcoming amendment to the Labour Code on remote work is expected to comprehensively regulate a number of issues and relationships between employer and employee, significantly changing the existing legal landscape for performing work from home. The amendment also touches on issues of processing of personal data.