In Poland, personal data has been firstly protected by the Constitution of the Republic of Poland (Konstytucja Rzeczypospolitej Polskiej) from 1997. Article 47 guarantees the right to privacy, whereas article 51 specifically provides for the right to data protection.
Until 25 May 2018 when the EU General Data Protection Regulation (GDPR) will take effect, the main legislative tool in Poland is the Personal Data Protection Act (Ustawa o ochronie danych osobowych), which specifies the norms serving the protection of personal data. It has been adopted in accordance with the EU Directive 95/46/EC on the protection of personal data. This Directive, however, will be shortly replaced by the new European legislation, namely GDPR.
In addition to the Polish Personal Data Protection Act, several other implementing acts apply to the personal data processing (see the chapter about important legislation).