The Business Meets Government meeting with the Personal Data Protection Office in April showed that personal data protection in employment is at a turning point. Regulatory expectations regarding the protection of employees’ privacy and fundamental rights are increasing. Meanwhile, companies serving global clients operate in a multi-jurisdictional environment, facing contractual, technological, and regulatory demands from outside Poland and the EU.

It was emphasized that UODO is moving away from simplified, rigid approaches of earlier years. This applies to recruitment data retention, where the regulator now prioritizes risk analysis and accountability over automatic deletion timelines. This signals regulatory maturity but challenges businesses to make informed decisions and robustly justify and document them.

Equally important was the discussion on employee monitoring, including “other monitoring” often done through analytical tools and reporting systems. UODO indicated that the key factor is not whether a manager views individual data, but whether the system technically allows monitoring of a specific individual’s activity. This requires employers to design digital work environments carefully and clearly describe tool functionalities, especially in remote and hybrid work models.

The greatest tensions concern background checks and employee screening required by foreign clients. UODO’s position remains restrictive: client expectations alone do not justify data processing, and many challenges in the business services sector require legislative change. This is a fair diagnosis and a clear signal that the market largely bears the burden of initiating such changes.

UODO encourages businesses to take a more active role by reporting real barriers and providing data on risks, costs, and lost development opportunities. Without this input, effective inter-ministerial dialogue and legislation that keep pace with technological change - especially regarding AI and upcoming supervisory competences from the AI Act - are difficult.

For ABSL and the business services sector, the conclusion is clear: the regulatory future of personal data protection in employment will not happen on its own. It requires a coordinated business voice, strong expert backing, and consistent participation in consultations. The meeting with UODO confirmed that there is space for such dialogue. The key challenge now is to fill it with substance.

The April meeting hosted by Baker & McKenzie was attended by representatives of ABSL, as well as experts from the Personal Data Protection Office (UODO): Mirosław Wróblewski (President of UODO), Monika Krasińska (Director of the Department of Law and New Technologies), Piotr Drobek (Director of the Department of Innovation and Data Management).