What is the protection of personal data?


Personal data protection is a topic that is being talked about and written about more and more. There is also a growing public awareness of the right to protect their data, including those entrusted to third parties. In addition, the relevant authorities have recently started to carefully look at various institutions, checking whether the solutions they use are sufficient to keep our data safe.

When are we talking about personal data?

According to the GDPR, personal data is any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified by an identification number or by unique factors that define his physical, physiological, mental, economic, cultural or social characteristics.

Personal data is sometimes single information, such as a PESEL number or NIP number, which allows you to refer to a specific person. However, in most cases, a single piece of information will not be considered personal data because it is too general or encrypted, and only its combination with additional data will allow the identification of a specific person.

Based on these legal definitions, it is not clear which information exactly constitutes personal data - there is no specific scope of information considered as personal data and in many situations it is necessary to make an individual assessment whether a given information is already a personal feature or not.

What does the term "personal data processing" mean?

The processing of personal data is the performance of any operations on personal data, including their collection, storage, processing, modification, sharing or deletion, especially if they are carried out in IT systems. In addition, according to the Act, the institution processing personal data must present a specific and economically justified purpose of their processing.

What is personal data protection?

The protection of personal data is the protection of information relating to natural persons by entities that have it. This includes both individual pieces of information that constitute personal data as well as entire data sets. This obligation results from the provisions of the regulations, as each person has the right to the protection of their personal data.

Personal data protection is the protection of this data against loss, leakage or unauthorized access - preventing the situation from being processed by persons who are not authorized to do so.

The provisions on the protection of personal data do not indicate specific types of security, because what will be used in an accounting office may not be effective in a large corporation. The selection of appropriate security measures depends on the specific company.