The introduction of RODO, the EU's Data Protection Regulation, in 2016 was meant to restrict access to private data by an excessive number of unauthorised individuals and to restrict the passing on of such data. Access to someone's personal data (name, surname, PESEL number, address, phone number and other contact details) comes with significant liability. Those with bad intentions could use this data for their own benefit at the expense of these individuals. Therefore, failure to secure personal data puts many people at risk.
Previously, when at least a personal email address was provided to sign up for a newsletter, there were effectively no formal restrictions on who would have access to it, whether they could pass it on, or how long this information would be available to a particular company. Now, even companies outside Europe that provide services to people living in Europe must clearly state where and for how long someone's data will be stored and who will be entitled to access it. In addition, a person's consent is needed before the collection of personal data can take place at all.
Another aspect of RODO is the restriction of profiling and the need for consent to it. Profiling is the creation of a consumer profile based on the content a person has viewed, which is then used to suggest further advertising tailored to the individual.
Through RODO, definitions of health data, genetic data and biometric data have been introduced so that such extremely sensitive personal information can be particularly protected.
RODO has started to require specific data protection procedures and the positions of 'Data Controller', 'Joint Data Controller' and 'Data Protection Officer', making it clear who has access to databases with personal information and that someone is in control of ensuring that this data is well protected. One more procedure that aids protection is pseudonymisation, i.e. data is stored in such a way that it cannot be linked to a specific person until it is necessary. In this way, other employees whose tasks are related to personal data do not have access to it.