Karolina Romanowska
Karolina Romanowska, adwokat, handles issues of data protection and employment law. She has experience adjusting HR documentation to the requirements of the General Data Protection Regulation for a number of leading companies from the sectors of logistics, food, sport, and financial services. She advises HR departments in negotiation of contracts involving processing of personal data. She also participates in corporate due diligence.
Care leave, introduced into the Labour Code on 26 April 2023 is an employee entitlement that appeared relatively recently in the Polish legal order (we wrote about its granting in the article Care Leave). As a result, there is still no established case law or practice on the application of provisions defining rules for its granting. Nevertheless, every employer should consider appropriate solutions if receiving a request from an employee for care leave.
Exit interviews, namely interviews which employers hold with employees whose employment is ending, are widely used by HR departments and may provide useful information regarding managing the workplace. In today’s piece, we will take a look at exit interviews from the perspective of data protection legislation.
This is the fourth in a series of articles in which we discuss the duties of a data controller with respect to data protection breaches in the employment context, drawing on Guidelines 01/2021 on Examples regarding Personal Data Breach Notification adopted on 14 December 2021 (version 2.0) from the European Data Protection Board (EDPB).
This is the third in a series of articles in which we discuss the duties of a data controller with respect to data protection breaches in the employment context, drawing on Guidelines 01/2021 on Examples regarding Personal Data Breach Notification adopted on 14 December 2021 (version 2.0) from the European Data Protection Board (EDPB).
This is the second in a series of articles in which we discuss the duties of a data controller with respect to data protection breaches in the employment context, drawing on Guidelines 01/2021 on Examples regarding Personal Data Breach Notification adopted on 14 December 2021 (version 2.0) from the European Data Protection Board (EDPB).
Responding appropriate to a data breach is one of the fundamental duties of data controllers under the EU’s General Data Protection Regulation (GDPR). But practice shows that complying with these duties often poses major problems for data controllers, including when the breach occurs in an employment context. These difficulties include in particular assessing:
- Whether a breach has occurred
- The risk associated with the breach
- What legal duties are imposed on the data controller in relation to the breach
- What measures should be implemented in connection with the breach.