Polish legislators have made limited use of the opening clauses of the GDPR. However, the Polish Data Protection Act specifies some topics that are relevant for corporate data protection, such as monitoring of employees, data subject access requests, administrative fines and penalties.
Below you will find the additions and deviations to the GDPR on the most important topics of data protection for companies. If a topic is not linked, there are no deviating or specifying provisions in the national data protection law.
- Specific data protection law and official guidelines
- Substantive and territorial scope (no regulations deviating from the GDPR)
- Definitions (no regulations deviating from the GDPR)
- Legal principles (no regulations deviating from the GDPR)
- Legal basis (no regulations deviating from the GDPR)
- Sensitive data (no regulations deviating from the GDPR)
- Information requirements
- E-marketing (new regulation by ePrivacy Regulation remains to be seen)
- Cookies
- Automated decision-making (no regulations deviating from the GDPR)
- Rights of data subjects
- Processing on behalf of a controller (no regulations deviating from the GDPR)
- Records of processing activities
- Data security (no regulations deviating from the GDPR)
- Data breaches (no regulations deviating from the GDPR)
- Data protection impact assessment (DPIA)
- Data protection officer
- Certification
- Data transfer (no regulations deviating from the GDPR)
- Supervisory authorities
- Sanctions and penalties
- Data protection for employees
- Archiving, scientific and historical research (no regulations deviating from the GDPR)