Personal data protection for sole traders

Abstract

In the context of an open definition of personal data and accepting a broad understanding of the subject range of the PDPA44, information about natural persons who conduct business activity should be treated as personal data, as it is frequently information allowing a specific natural person to be identified. On the other hand, publishing personal data of people with business activity in CEIDG forces the conclusion that the sole trader decides to makes the data broadly accessible, and therefore is aware that its protection is limited. It should not mean that commonly accessible data can be processed absolutely freely with complete disregard for PDPA, as business entities also have a right to privacy. However, from a practical point of view, in their case this right is limited by the rule of the publicness of economic turnover. It can be noticed that the practice of economic turnover forces a more flexible approach to the presented issue45. In this respect, since May 2016, the Act has introduced new provisions that are intended to ensure a realistic balance between the business entity’s and public interest. The purpose of the amendment of the Act on Freedom of Business Activity, adopted in September 2015, is primarily to accelerate the service of undertakings. Undoubtedly, in the content of the business entity’s data the revision of the Act introduced provisions broadening the scope of data contained in the CEIDG entry. The main changes that came into force can certainly stir up controversies. It is difficult to explicitly declare whether those legal solutions are effective and positive. Certainly, introducing regulations excluding the PDPA regarding the personal data of a sole trader, assuming the public nature of the overwhelming majority of their data, results in a situation in which they are not properly protected.