Skip to content

Poland Data Protection Update with GP Partners

In this Expert Focus video, Maciej Gawroński and Michał Ćwiakowski of GP Partners provide expert insight into data protection issues in Poland. Watch the video to learn about the current areas of focus of the Polish Data Protection Authority, the status of the legality of data transfers outside the EEA, types of personal data not yet recognised by Polish courts, and more.

Published on 15 February 2023
Maciej Gawroński
Ranked in TMT: Data Protection in Chambers Europe 2022
View profile
Michał Ćwiakowski, EF, GP Partners
Michał Ćwiakowski

Developments in data protection

At EU level, with regard to the GDPR, a recent Accenture survey indicated an improvement in industry leaders' perception of cyber and privacy regulation in 2022, reaching an approval rating of 73%.

At national level, the Polish Data Protection Authority (PUODO) recently released its Control Plan 2023. In contrast to last year's control plan, the Control Plan 2023 does not focus on a specific sector but on particular types of processing.

Additionally, at EU, Polish and international levels, the following developments with regard to data transfers are worth noting:

  • Schrems II;
  • 101 complaints filed by the NOYB foundation;
  • European Data Protection Board (EDPB) guidelines;
  • EU decisions;
  • POTUS SIGINT executive order, indicating that the US will offer stronger data protection to foreign nationals; and
  • PUODO decisions.

Personal data in Poland

Poland differs from other jurisdictions in not considering the following types of data to fall within the scope of personal data:

  • car licence plates;
  • mobile phone numbers - if processed without additional data; and
  • IP addresses and cookie ID - unless the controller is capable of being identified.

Other peculiarities of the Polish jurisdiction include its approach to personal identification numbers (PESEL), which is considered dualistic, as PUODO considers the numbers as personal data and expects breaches to be reported, but the information is widely available in the public domain.

Focus of PUODO

The Polish data protection authority is focused on ensuring that data controllers exercise proper and suitable supervision over data processors.

Additionally, the length of the limitation period for claims is an important consideration.

Gawronski & Partners

Gawronski & Partners
1 ranked lawyer
Learn more about the firm’s ranking in Chambers Europe 2022
View firm profile

Chambers Global Practice Guide Data Protection and Privacy 2022

Learn more about global developments in data protection and privacy