Sanctions and penalties under Polish data protection law

Administrative fines

Payment and calculation of administrative fines

The amount of administrative fines under Art. 83 GDPR expressed in EUR must be calculated in polish zloty (PLN), in accordance with the average exchange rate determined by the National Bank of Poland (Art. 103 Data Protection Act), and must be paid within 14 days (Art. 105 Data Protection Act).

Public authorities

Units of the public finance sector, research institutes and the National Bank of Poland are subjected to the maximum fine of 100,000 PLN (Art. 102 Data Protection Act).


Data processing, if not permitted, may be fined by imprisonment of up to 2 years or, in case of processing of special categories of personal data, up to 3 years (Art. 107 Data Protection Act).

Hindering the inspections of compliance with data-protection regulations may also incur fines or imprisonment of up to 2 years (Art. 108 Data Protection Act).

Contact us!

Secure the knowledge of our experts!

Subscribe to our free newsletter: