Labour Code amendment September 2019

The amendment to the Labour Code that came into force on 7 September 2019 introduced significant changes in employee rights. They are summarised below with information how they will affect the rights of employees and obligations of employers.

This Labour Code amendment covers:

  • Discrimination and equal treatment – the amendment opened a list of the so called discrimination factors. This means that any kind of unequal treatment of employees that cannot be justified by objective reasons may be treated as discrimination;
  • Workplace bullying – with new rules employees may claim damages also during the employment period, and not after its termination, as was the case before;
  • Special rights of employee’s immediate family – this group were given some of the special parental entitlements, including:
      • protection from dismissal during maternal/paternal leave;
      • option to use annual leave immediately following maternal leave (employer will have to approve such annual leave),
      • should the contract be unlawfully terminated during the protection period, the right to claim remuneration from the employer for the time without work (after return to work);
  • Work certificates:
      • period to request correction of a work certificate was extended from 7 to 14 days;
      • the time when work certificate must be issued to the employee was specified and generally it must be the date of termination or expiration of employment,
      • late provision of work certificate is now an offence subject to a fine from PLN 1,000 to 30,000;
      • the list of claims of employees against employers was expanded (demand to issue a work certificate or determine the entitlement to such certificate);
  • Expiration of claims arising from employment – courts will not consider expiration of employee’s or employer’s claims automatically. As a result, expiration of claims will have to be specifically raised in court.

 

The above changes are generally positive – in most part they are specifying rules that in the past gave rise to doubts in their interpretation. At the same time, they do not actually impose any new obligations on employers related to the above entitlements. Obviously, as an employer you will have to adapt your internal regulations (like employee handbooks) and some other documents (work certificate the instruction regarding the option to have it corrected).

 

Author:
 Natalia Wojciechowska, Legal Adviser

First penalty imposed on a public entity for GDPR infringement

The President of the Personal Data Protection Office imposed the first penalty for GDPR violation on a public entity – the Mayor of Aleksandrów Kujawski. The Mayor has to pay PLN40,000 fine and remedy the infringement within 60 days. The main reasons for this decision was failure to enter into data processing agreements and storage of certain data, including asset declarations, longer than is allowed under the law.

No processing agreements

The Mayor failed to enter into processing agreements with the company hosting resources of the Municipal Office’s Public Information Bulletin (BIP) on its servers. No such agreement was concluded with another entity that provided software for BIP creation and maintenance services related to BIP. Thus, the President of the Office found that the Mayor disclosed personal data without legal basis and therefore violated the principle of lawful processing (Article 5.1(a) GDPR) and the principle of confidentiality (Article 5.1(f) GDPR).

Exceeding lawful storage period

The audit found that BIP website contained, among other things, asset declarations from 2010, while their prescribed storage period is 6 years, which in the opinion of the President of the Office is stipulated by sectoral rules. The Mayor therefore violated the principle of storage limitation (Article 5.1(e) GDPR).

Other infringements

The investigation also found irregularities in security of materials from Municipal Council meetings. The Office only stored them on a dedicated YouTube channel and did not make any backup copies of those recordings, which increased the risk of permanent loss. The risk of publication of Municipal Council meetings recordings on YouTube only was also not analysed. So the principle of integrity and confidentiality (Article 5.1(f)) and the principle of accountability (Article 5.2) were violated.

The principle of accountability was infringed also because of gaps in the register of processing operations. It did not indicate all data recipients or the planned date of data erasure for certain processing operations.

Amount of the fine

According to the President of the Office, the amount of the fine was affected by the Mayor’s refusal to cooperate with the authority during the audit, and failure to remedy the infringements. As a result, the President of the Office found no grounds to reduce the fine which was set a relatively high level, i.e. 40% of the maximum rate for the public sector.

The fine imposed on the Mayor of Aleksandrów Kujawski is the fourth fine ordered by the President of the Personal Data Protection Office for GDPR infringements, but the first one imposed on a public entity. This clearly shows that public institutions are not exempt from the obligation to protect personal data and they will be subject to the same scrutiny as private sector. Regardless of the sector where the fined entity operates, conclusions from the justification of the decision  are the same for all data controllers data processing without legal basis (also without a processing agreement) is deemed by the President of the Office one of the most serious violations, just like data storage for extended periods, and any irregularities in this regard may cause serious consequences.

You will find full communication by the President of the Office at: https://uodo.gov.pl/pl/138/1240,
and its decision in full at:
https://uodo.gov.pl/decyzje/ZSPU.421.3.2019.

 

Author:
 Natalia Wojciechowska, Legal Adviser

Contact

Any questions?see phone number+48 663 683 888
see email address

Hey, have you
signed up to our newsletter yet?

    Check how we process your personal data here