We use cookies to personalise the website and offer you the greatest added value. They are, among other purposes, used to analyse visitor usage in order to improve the website for you. By using this website, you agree to their use. Further information can be found in our data privacy statement.

Personal data protection and new technologies


Personal data security is an important aspect of pursuing a business. Personal data regulations impose certain rules of procedure on entities (among others, enterprises) collecting and processing personal data.

Quick technological progress, development of new technologies and the social and economic integration resulting from the single EU market lead to an exponential growth of the scale at which personal data are collected, used and circulated. The EU strives to ensure an EU-uniform degree of protection of individuals’ security in connection with personal data processing. The General Data Protection Regulation (GDPR) has been in force since May 2018. It introduced a number of new obligations which involve, among others, reviewing internal data processing activities and preparing relevant documentation. Technological requirements have been set, too. Under the new regulations, data controllers must adjust the level of security of the processed data to the applicable guidelines and monitor it regularly.


In this section we are going to analyse for you the GDPR and other EU laws on personal data protection as well as inform you about the relevant steps of the Polish lawmakers. Please contact us directly and use the knowledge and experience of our experts.
We offer comprehensive legal advice and assistance at every stage of adapting your business to current laws. Our attorneys-at-law and IT security experts are available to you in the Rödl & Partner offices in Cracow, Gdansk, Gliwice, Poznan, Warsaw and Wroclaw.


PESEL is now blockable »

Every person who has a Polish personal identification number PESEL (including foreigners) may block their PESEL number since 17 November 2023 – also through an attorney.


Report on cookie banners – does your banner meet the recommendations? »

The Cookie Banner Taskforce established by the European Data Protection Board (EDPB) issued a report on their findings on 18 January 2023.


Employee liability in the context of reporting a breach of law »

As the Whistleblower Protection Bill is expected to become law, the question arises if an employee can be held liable for damage resulting from such reporting?


Hiring foreigners in Poland in the context of GDPR »

The growing interest in hiring foreigners from outside the European Union among Polish employers triggers numerous doubts and questions.


Communicating a personal data breach to natural persons »

Ensuring an appropriate level of personal data protection is one of the main responsibilities of personal data controllers.


Do you process data in a mobile app? Be prepared for an inspection by the Personal Data Protection Office »

Like every year, the President of the Personal Data Protection Office (PDPO) published in January an inspection schedule for 2022.


How to assess a personal data incident? »

Personal data breaches may happen to any organisation. Depending on numerous factors such as the reasons, extent or risk of certain ramifications, they may trigger specific GDPR obligations for data controllers.


Are you a controller? You need to quickly identify data breaches »

In its decision of 22 April 2021, the President of the (Polish) Personal Data Protection Office (PDPO) imposed an administrative fine of PLN 1,136,975 on the data controller – Cyfrowy Polsat S.A.


Whistleblowers and GDPR »

The whistleblowing system is a challenge for the security of personal data processing in an organisation. Before implementing it, you should remember about ensuring anonymity and confidentiality of data.


President of the Polish Personal Data Protection Office has slapped the first fine for breach of the GDPR »

Nearly 10 months after the effective date of GDPR, the President of the Polish Personal Data Protection Office (PDPO) has imposed the very first fine for unlawful data processing.

Right to erasure and data retention policy »

Among the new personal data protection laws, particular controversy is sparked by Article 17 of GPDR, which gives data subjects the right to obtain erasure of their data.


GDPR – guidelines for mobile app developers »

In recent times, computers or laptops have been losing popularity, giving way to mobile devices such as smartphones, smartwatches or tablets, which are gradually becoming our basic working tools.


GDPR in e-commerce »

GDPR has been in full force since 25 May 2018 and the media regularly report news about absurdities resulting from wrong interpretation of GDPR provisions.


GDPR in marketing »

25 May 2018 brought a lot of changes to the processing of personal data. On that day the long awaited and broadly publicised GDPR came into force to change the rules of personal data protection.


GDPR – what will change in the HR domain? »

25 May 2018 means a revolution in the processing of personal data. Regulation of the European Parliament and of the Council of 27 April 2016 introduces many changes to be faced by all enterprises.


GDPR: Data Protection Officer »

According to Recital 4 GDPR, the right to the protection of personal data is not an absolute right. It must be considered in relation to its function in society and be balanced against other fundamental rights.


GDPR and the consent to personal data processing »

One of the fundamental rules set in the General Data Protection Regulation (GDPR) says that data subjects must consent to the processing of their personal data.


Be careful who you entrust personal data to »

Enterprises being data controllers often disclose personal data to various suppliers who thus become data processors.


How to monitor employees lawfully? »

We are monitored and tracked every day – on the streets, in shops, in car parks, within housing estates, at entrances to buildings and at work.


GDPR – revolutionary amendments to take effect as soon as from May 2018 »

In May 2018, personal data protection and processing laws will start to apply across the EU. GDPR introduces severe penalties for non-compliance with the GDPR requirements.


Personal data: consequences of processing, assessment of risk and threats, rules for profiling »

It is only by May 2018 when enterprises have time to adapt to new EU legislation on personal data processing and protection.


Contact Person Picture

Jarosław Kamiński

Attorney at law (Poland)

Associate Partner

+48 694 207 482

Send inquiry


Deutschland Weltweit Search Menu