Personal Data

Poland is covered by the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (GDPR or RODO). The entity that is the controller of personal data must be able to demonstrate that the data processing is carried out in accordance with its provisions.

The GDPR sets out 6 conditions for the legality of the processing of personal data – these are: a) obtaining the consent of the data subject, b) necessity to conclude and perform the contract, c) obligation resulting from legal provisions, d) protection of the vital interests of the data subject, e) a task carried out in the public interest or in the exercise of public authority, f) and the legitimate interest of the administrator or a third party. As a rule, the processing of personal data, the so-called specific categories, such as those revealing ethnic origin, health, political views or sexual orientation is forbidden. The conditions for the processing of such data and the rules to which they are subject are set out in the GDPR.

The Act of 10 May 2018 on the protection of personal data plays a complementary role to the GDPR. It regulates organizational issues related to the functioning of the supervisory body for the protection of personal data in Poland, as well as the control and cooperation procedures with authorities at the EU level.

Regulations on the protection of personal data are also included in national specific acts, which is to ensure the application of the GDPR in the Polish legal order.