Data subjects’ rights under Polish data protection law

Deviating provision applicable to administrators performing a public task

When the of processing purpose changes and such change serves a public task, the following information requirements concerning access to personal data (Art. 15 (1-3) GDPR) do not apply: (1) confirmation on whether the personal data is processed, (2) information on the appropriate safeguards when the data is transferred to a non-EU country or an international organization and (3) provision of copies of the personal data undergoing processing (Art. 5 Data Protection Act).