Protection of personal data – responsibilities of entrepreneurs in the light of new legal regulations of January 1, 2015 was the title of the training organized in EXPO XXI Warsaw (strategic partner of the training) on May 18, 2015, by Polish Chamber of Exhibition Industry and the Inspector General for Personal Data Protection (GIODO). The training addressed to the exhibition industry and the MICE sector was attended by over 70 entrepreneurs associated in PCEI and in SBE (Event Sector Association) and in SKKP (Association of Conferences and Congresses in Poland). The aim of the training was to prepare businesses for appropriate processing of personal data taking into account amendments of the Act on Personal Data Protection. The training was opened by Minister Andrzej Lewinski, the deputy of the Inspector General for Personal Data Protection (GIODO) and Żaneta Berus, the President of the Board of EXPO XXI Warsaw. Basic terminology ad rules concerning personal data processing were discussed by Weronika Kowalik, Deputy Director of the Department of Rulings, Legislations and Complaints in the GIODO Office. She also presented the latest changes to the Act on Personal Data Protection, including the new responsibilities and the roles of the administrator of information security (ABI). The obligation to register sets of personal data after the changes of January 1, 2015, and the functions fulfilled by the register of sets kept by GIODO were discusses by Dorota Krajekwska-Kekusz, the Director of the Department of Personal Data Sets Registering. She explained the legal grounds applicable in creating sets from generally accessible data, defining and differentiating objectives, grounds and scopes of data processing in CRM. She also elaborated on the forms of submitting sets for registration and situations in which information covered by the application should be updated. Then Tomasz Sobczyński, Deputy Director of the IT Department presented basic aspects connected with maintaining security in processes of personal data protection. He highlighted that technological progress forces the necessity of using new methods and measures of protection necessary to ensure confidentiality, integrity and accountability of the processed personal data. Piotr Drobek, Deputy Director of the Department of Social Education and International Cooperation presented basic requirements connected with transferring personal data to third countries, i.e. countries which are not a part of the European Economic Area (EEA). He explained that transfers within EEA are treated just like ones taking place in the territory of Poland. According to him, as a rule, for the data to be transferred to a third country, this country should guarantee the appropriate level of personal data protection, which can be confirmed, above all, by the decision of the European Commission. If a third country does not provide such protection, one of the exceptions set forth in art. 47, sections 2 and 3 may be applied. A very good and practical solution is also the application of standard contractual clauses on personal data protection, which were approved by the European Commission, because since January 1, 2015, transferring personal data to a third country using such a legal instrument does not require the consent of GIODO. The presentations were followed by discussions and Q A sessions for the participants of the training and the number of questions let the meeting run much over the previously assumed schedule. Source and photo: GIODO / PIPT