Law: Act of 10 May 2018 on the Protection of Personal Data ('the Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')
Regulator: Polish data protection authority ('UODO')
Summary: The Act implements the GDPR in Poland. Some of the key areas of regulation specific to the Act include the obligation of public bodies to designate a data protection officer and notify the UODO of their designation, procedures in case of an infringement of the data protection principles, the amount of administrative fines that can be imposed, and the powers of the supervisory authority. The main duties of the UODO include conducting audits of compliance and issuing administrative decisions and publishing guidance. Further to the same, the UODO has published guidance on, among other things, employment and data protection, cookies, and Data Protection Impact Assessments. In addition to the UODO, a violation of data protection rules may result in action being taken by other authorities, such as the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.