According to the law procedures of the Republic of Poland and the legal system of the European Union the personal data remain under the particular legal protection. General Data Protection Regulation (GDPR) regulates processing of the personal data in the European Union by the entities subject to these regulations. Within the national law, the Personal Data Protection Act established 10 May 2018 defines the standards of conduct with the personal data in the companies and specifies certain regulations from the GDPR legal act. The University of Euroregional Economy (WSGE) is subject to these legal acts. The main actions taken in order to fulfill these legal obligations in WSGE are i.a.:
- cataloging all processes with the usage of the personal data and the categories of these data,
- ensuring the confidentiality of the employees of WSGE by conducting the courses regarding personal data protection, giving the authorizations to the constrained range of processes to the employees,
- conducting an external audit regarding the state of the personal data protection,
- implementation of leading the registry of the personal data processing, introducing the data protection closures in the agreements and internal legal acts, realization of the information obligation, ensuring right to moving, deleting, changing and objecting against the personal data processing,
- deleting the unnecessary personal data from the WSGE databases, for which the processing duration has ended and, according to the rule of data minimization, storage of only the data necessary for the processing,
- preparing and establishing the Information Security Policy – a document regulating personal data processing in WSGE
- establishing the Data Protection Officer in WSGE,
- conducting ongoing trainings, internal audits, analysis, verifications and data processing optimizations.
Moreover, the University of Euroregional Economy, taking care of the reliable data processing, attaches great importance to the information obligation regarding people, whose data is processed in our entity. According to the legal guidelines, the data processing agreements should contain the following information:
- the identity and the contact details of the controller,
- the contact details of the data protection officer,
- the purposes of the processing for which the personal data are intended as well as the legal basis for the processing,
- the legitimate interests pursued by the controller or by a third party,
- the recipients or categories of recipients of the personal data,
- the fact that the controller intends to transfer personal data to a third country or international organization,
- the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
- the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to lodge a complaint with a supervisory authority;
- the existence of automated decision-making, including profiling.
In case of questions or doubts, we welcome to contact the WSGE Data Protection Officer Wojciech Sitek. E-mail: ws@wsge.edu.pl
