Given the significant tightening of Polish tax regulations with regard to carrying out and appropriately documenting and reporting transactions, implementing a tax risk management policy has now become a business necessity in Poland both for enterprises with Polish capital and global giants with Polish subsidiaries.
In its recent judgment C-311/18 (Schrems II) the Court of Justice of the European Union (CJEU) undermined, to a certain extent, the principles established in previous years for the transfer of personal data outside the EEA, in particular to the US. Many exporters, i.e. controllers and processors transferring data to third countries, were surprised by the verdict and left in confusion. Fortunately, the European Data Protection Board (EDP) came to the aid and adopted recommendations on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data.