Law: Act of 10 May 2018 on the Protection of Personal Data (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: Polish data protection authority (UODO)

Summary: Poland implemented the GDPR in 2018 through the Act of 10 May 2018 on the Protection of Personal Data (the Act) which came into effect on May 25, 2018. The Act does not contain major derogations from the GDPR. Additionally, the Act establishes the Polish data protection authority (UODO) as the primary supervisory authority and its functions include conducting audits of compliance and issuing administrative decisions and publishing guidance. Further to the same, the UODO has published guidance on employment and data protection, cookies, and Data Protection Impact Assessments. Notably, to the UODO, a violation of data protection rules may result in action being taken by other authorities, such as the President of the Office of Competition and Consumer Protection or the President of the Office of Electronic Communications.