Introduction to the Polish Data Protection Law

In Poland, personal data has been firstly protected by the Constitution of the Republic of Poland (Konstytucja Rzeczypospolitej Polskiej) from 1997. Article 47 guarantees the right to privacy, whereas article 51 specifically provides for the right to data protection.

Until 25 May 2018 when the EU General Data Protection Regulation (GDPR) will take effect, the main legislative tool in Poland is the Personal Data Protection Act (Ustawa o ochronie danych osobowych), which specifies the norms serving the protection of personal data. It has been adopted in accordance with the EU Directive 95/46/EC on the protection of personal data. This Directive, however, will be shortly replaced by the new European legislation, namely GDPR.

In addition to the Polish Personal Data Protection Act, several other implementing acts apply to the personal data processing (see the chapter about important legislation).

  1. Important legislation
  2. Definitions
  3. Legal basis
  4. E-marketing
  5. Online data protection
  6. Data subjects’ rights
  7. Data security
  8. Data protection supervision
  9. Notification obligations
  10. Data protection officer
  11. Data transfer
  12. Commissioned processing
  13. Data protection enforcement