Arbitration and the Protection of Personal Data Under the EU General Data Protection Regulation

The far-reaching reform of the EU personal data protection system has had an impact on many areas of social life, including the private dispute resolution (arbitration). The solutions introduced by the General Data Protection Regulation (GDPR) and the obligations imposed by it may prove impractical in the context of arbitration and difficult to reconcile with its unique features, such as confidentiality, flexibility or efficiency. The work outlines and attempts to solve the most important legal problems occurring at the interface of arbitration and personal data protection law. In the initial part, the issue of applying the GDPR to arbitration proceedings and the admissibility of processing personal data in the course of these proceedings is discussed. Then, the problem of assigning the participants of arbitration appropriate roles under the Regulation – such as data controller, data processor or data subject – is taken up, while discussing the rights and obligations related to them. The last chapter of the work, devoted to the principles of personal data processing, indicates the obligations arising from them in the context of arbitration proceedings and practical problems that may arise during their implementation.