Changes to electronic invoices in Poland

Publication date: May 29, 2023

What is e-invoice?

Structured invoice (e-invoice) is a type of electronic invoice introduced in 2021. It enables entrepreneurs to issue invoices through the ICT system (Polish KseF), i.e. the National System of e-Invoices. For now, the system is not mandatory in Poland. Currently, the logical structure of the electronic invoice FA( 1) is used, and from September 1, 2023 it will be replaced by the new structure FA(2). The obligation to apply them comes into force on July 1, 2024.


Pseudo-anonymisation in the aspect of GDPR

Publication date: April 11, 2023

In the light of the GDPR, the principles of data protection do not apply to data whose links between personal data and the persons concerned have been irreversibly removed. Consequently, anonymization is not subject to the provisions of the GDPR Regulation. However, the measure that the GDPR directly indicates as a method of data protection is pseudo-anonymization. In this case, personal data is replaced in such a way that with the use of appropriate information it is possible to identify the persons to whom data relates.

The main mechanism on which pseudo-anonymization is based is the replacement of sensitive information with identifiers, which are then properly encrypted, but in a way that allows the possible reversal of this procedure. Therefore, in the whole process, we receive two sets of information, the first is a set of data that we cannot associate with any natural person, and the second is information containing identifiers that allow the data to be assigned to a specific person. Only authorized users have the ability to reconstruct data. According to the findings of The Article 29 Working Party, we can distinguish five anonymization techniques. They are secret key encryption, hash function, hash function with key, deterministic encryption and tokenization.


Noise addition and permutation – two data depersonalization techniques and GDPR requirements

Publication date: April 11, 2023

In the process of data collection, the personal data protection system imposes a relative ban on automated decision-making on controllers (Article 22 of the GDPR), the obligation to take into account data protection by design (Article 25 section 1 of the GDPR) and default data protection (Article 25 section 2 of the GDPR), as well as the need to carry out an assessment of the effects of processing for data protection (data protection impact assessment – art. 35 GDPR). The Data Protection Regulation serves protective purposes, which is to ensure the protection of the rights and freedoms of data subjects in connection with the processing of their personal data, taking into account, however, the principles of data protection regulated in art. 5 of the GDPR, especially reliability and transparency, data minimization and the risk-based mechanism approach.

Under the essence of data protection by design within the meaning of Art. 25 of the GDPR, the controller is obliged to take into account the protection of personal data already at the design stage of a specific solution, service or artificial intelligence system. This is to ensure, among other things, that the protection of personal data will become an immanent element of each project already at the stage of creation.



Publication date: March 30, 2023


OpenSea, Rarible or Foundation? Legal differences of NFT platforms. Where to trade?

Publication date: March 01, 2023

As the popularity of NFT continues to grow, more and more people are buying and selling these unique digital assets on various platforms. However, as with any online transaction, there are important privacy considerations to keep in mind. It is important that NFT buyers and sellers understand how their personal information is collected, used and shared by the platforms they use.

The registration process on the platforms may vary and require additional verification by the registrant. The Foundation, for example, requires sellers to verify their account before they can sell NFTs, while OpenSea and Rarible do not have a verification process.