The document discusses Poland's preparedness for GDPR, highlighting that while the country's data protection laws have existed since 1997, they are inadequate for modern technology needs. A study showed that a significant portion of Polish companies are unaware of GDPR and lack necessary compliance measures. Current legislative efforts aim to introduce new laws aligned with GDPR, including establishing a data protection office and more effective procedures.

1. Is POLAND
ready for GDPR ?
Vienna, 23-26 April 2017

2. I. 20 years of data protection in Poland
 The Polish law on protection of personal data was inacted in 1997
 Since its implementation, in principle it functions in a slightly altered shape (amended only 4
times, in 2002, 2014, 2015, 2016).
 Polish regulations seems inadequate for the information technology in XXI century
 From 1 January 2015 there is an OPTION to appoint a Data Security Administrator (with
similar responsibilities as Data Protection Officer, referred to in article 37 of GDPR

3. Relatively low penalties in Poland vs. GDPR
 The Data Protection Authority may impose a fine of up to PLN 200,000 (approximately EUR
50,000) for the purpose of forcible removal of infringements.
 Criminal penalties for people responsible for data protection – fines, restriction of liberty or up
to 2 years imprisonment

4. II. Knowledge of GDPR among entrepreneurs in Poland
 A study on the knowledge of the EU Data Protection Regulation carried out in the autumn of
2016 on the Data Protection Group of 200 companies employing more than 100 people. *
 More than half (52%) of companies have never heard of GDPR.
 Two thirds (67%) of them do not realize how much time left to implement the regulation.
 GDPR grants individuals the right to be forgotten - (50%) of companies does not have
procedures and technologies that give the consumer the right to be forgotten.
 As many as 42% of organizations have not implemented any procedures to inform the data
protection authority about the violations.
___________________________
*survey by: ARC Rynek I Opinia

5. III. GDPR provides different approach
 The GDPR is formulated in a way that is different from the current data protection provisions
in Poland.
 Current approach consists in the use of specific procedures in the processing of personal
information in order to make citizens aware of their collection.
 The DGPR focuses on the issue of data security - any security breach, leak or modification
must be disclosed to the company's customers and the relevant authorities.

6. IV. Current legislative works in Poland
Polish Ministry of Digital Affairs currently works on the new legislative, which will implement
GDPR into Polish legal system, which will be focused on:
 New Office for Data Protection
 More effective procedures for execution of claims
 Provisions concerning risk based approach
 Lowering the child's age when data processing in the e commerce sector requires parental
consent

7. The first draft of new law is expected to be
published in April 2017.

8. Rafał Roszkowski – attorney at law
• Specializes in commercial law,
with particular emphasis on
commercial and intellectual
property and new technologies
law.
• He has extensive experience in
conducting transactions and
corporate affairs of companies.
• r.roszkowsk@gkrlegal.pl

9. Rafał Roszkowski
r.roszkowsk@gkrlegal.pl
www.gkrlegal.pl