Today we will analyze the documents
employment/cooperation contract
information obligation,
authorization to process personal data,
declaration of confidentiality of personal data,
declaration of having read the personal data protection documentation,
non-disclosure agreement (NDA),
and also how to use it in practice and the question of why all modern cars have three-point seat belts?
Employment/cooperation contract
Article 29 § 2 of the Labor Code, Civil Code
It regulates the terms of cooperation and constitutes the basis of the legal relationship that justifies granting a given person access to personal data processed by the company.
Written contract/agreed with a qualified electronic signature.
Information obligation
13 GDPR
Informs the employee/collaborator who processes his/her personal data and why.
Typically, it's an annex to the employment/cooperation contract. If changes are necessary, simply submit a documented new version.
Written authorization to process personal data
29 GDPR, provisions of a number of specific acts
In order for a specific person to have legal access to personal data administered by our company, they must have written authorization to do so (just as a lawyer appearing at a hearing must have written power of attorney from the person they represent).
A written authorization to process data, signed by the Management Board/a person authorized by the Management Board. We also ensure that the employee receives appropriate training . Theoretically, this authorization can be included as an annex to the employment/cooperation contract. However, if the need arises to change its content (which is quite possible), the entire contract must be formally amended. This can generate "surprises" such as "maybe a raise along the way?" etc. When the authorization is a separate document, updating or changing it simply requires delivering the new version to the employee.
Declaration of confidentiality of personal data
Article 5(2) GDPR, Article 24(1) GDPR, Article 28(3)(b) GDPR
Strengthening the protection of personal data and whatsapp number list demonstrating to the Personal Data Protection Office in the event of an inspection (or to the Company's client if it is subject to an audit, e.g. by the entity that entrusted it with personal data processing) that we have done something to protect personal data (the principle of accountability).
A written declaration, often constituting an element of the authorization to process personal data.
Declaration of familiarization with the personal data protection system
5 section 2 GDPR, Civil Code
Strengthening personal data protection and demonstrating to the Personal Data Protection Office in the event of an audit that the company has taken specific steps to protect personal data (accountability principle). This document is absolutely essential for holding an employee/collaborator liable for disciplinary, civil, or criminal penalties in the event of an obvious violation of data protection principles.
A written declaration. Theoretically, this could be included as an appendix to the employment/cooperation contract, but if the data protection policies need to be updated (which is inherently built into the system and quite realistic), the entire contract would need to be formally amended. If the declaration is a separate document, for minor changes, you can send an email saying, "Hey, remember that promise to abide by our data protection policies? We just updated them." For larger changes, you might consider downloading new declarations.
Confidentiality Agreement
Act on Combating Unfair Competition, Civil Code
To protect business secrets (both ours and our clients'), which may (but do not have to) constitute personal data (e.g., the recipe for Coca-Cola does not contain personal data, but is undoubtedly a business secret).
NDA/employment contract (confidentiality obligation built into Article 100 of the Labor Code).
The very relationship between personal data ("to") and trade secret data ("tp") can be illustrated with a simple Venn diagram :
To sum up
Entrepreneurs face various legal and business requirements. This is particularly true when it comes to trade secrets, as the law doesn't formally compel Coca-Cola, for example, to keep the Coca-Cola recipe a secret. The Swedish company Volvo famously invented three-point seat belts for cars in 1959 and declared the idea so phenomenally good that everyone should use them. The Swedes patented the idea, but declared it free for anyone to use, and today all car manufacturers use them – to the delight of countless people[1] who survive car accidents thanks to them.
The documents described above are used to meet various business and legal requirements. Because some are relatively fixed (such as NDAs) and others relatively variable (such as the scope of authorization to process personal data, which may change with each position change or reorganization), they are implemented in different ways. Unfortunately, in no case will the proper implementation of one of these obligations avoid accusations of failure to comply with another.