Information security management vs RODO – 2018 changes

With the constantly changing world of new technologies and personal data being stored by seemingly everyone we ever get in contact with, there is no doubt that changes are due. RODO, which in Polish stands for Rozporządzenie o ochronie danych osobowych, is a new and improved regulation concerning personal data protection that was put forward by the EU Parliament. The new regulation will replace current Polish laws concerning personal data protection and will be effective from the 25th of May 2018 onwards. Unlike previous regulations and laws, RODO applies to all European Union countries with no exceptions. What does the new law entail? What are the most important changes that Poles will face after the 25th of May?

RODO changes

Basic data protection regulation requires that appropriate technical and organizational measures are taken in order to ensure a proper level of security. To do so, application of an approved code of conduct or obtaining a respective certificate will be mandatory.


As far as civil rights go, people will now have “the right to be forgotten”, which means that they will be able to ask for a change, restriction or complete removal of their data from a company’s database. Moreover, the data will have to be deleted if it is being handled in an illegal way, if it has been collected in relation to the offer of information society services, if it is no longer necessary, or if the person asks for its removal.


People will also have the “right to move data”, which means they will be able to ask the administrator for the data that they have previously shared with them, along with all data the administrator has collected about the person. The new RODO regulation also requires that companies get a clear and unbiased agreement for data collection and processing from the person concerned; if they fail to do so, it will not be legal for the company to handle the data. This requirement has been in force for quite a while, but it will now be more restrictive than ever.

How should you prepare for the RODO changes in 2018?

As a result of the changes that will happen within RODO, companies that deal with any kind of personal data should prepare ahead and document all personal data processed by the company, as well as the origins of said data, what entitles the company to use such data, if the data is being made available to any third parties and how the data has been protected up to this point. Such detailed analysis is necessary to maintain a record of processing activities – a document which will be mandatory for companies that hire over 250 people and those that deal with sensitive data.

Sensitive data means all data that reveals ethnic or racial origins, political views, religious beliefs and affiliations, personal philosophy, etc. It also covers all information on health, genetic code, addictions, sexual life, convictions, penalties, tickets and other judicial decisions.