Review

Those involved in data protection will have heard of the Morele website case. Our expert, Michał Dutkiewicz, commented:

“It follows from the NSA’s ruling in the Morele service case that the choice of security measures for processing personal data must be supported by a risk analysis carried out taking into account the specifics of the administrator’s activity. Implementing solutions based on the latest information security standards that are not adapted to the actual risks of processing personal data constitutes a violation of the RODO. Moreover, ensuring the security of personal data processing cannot be a one-off activity – it is a continuous process that should be well planned and periodically reviewed by companies.