

Personal data protection law
of 10 May 2018
Journal of Laws of 2018, item 1000, as amended
Personal data protection law
Chapter I. General provisions (Art. 1-7)
Article 1. Scope of the ActArticle 2. Restrictions on the application of the rules to press-related activities, literary, artistic activities and academic statementsArticle 3. Changing the purpose of the processing of personal data in the context of the performance of a public task Exemption from the obligation to provide informationArticle 4. Direct acquisition of personal data Exemption from informationArticle 5. Restriction of the right of access to information on the processing of data by the controllerArticle 5a. Exclusion of the exercise of the right of access of the data subjectArticle 6. Exclusion of the application of the provisions of the law to the processing of personal data for the purpose of national security or by special servicesArticle 6a. Appropriate application of provisionsArticle 7. Action by the President of the Office for the Protection of Personal Data
Chapter II. Appointment of the Data Protection Officer (Art. 8-11)
Article 8. Obligation to appoint a data protection inspectorArticle 9. Public bodies and entities required to appoint an inspectorArticle 10. Notice to the President of the Authority of the appointment of an inspectorArticle 11. Provision of inspector dataArticle 11a. Person substituting the inspector
Chapter IV. Conditions and procedure for certification (Art. 15-26)
Article 15. Certification body; rules for certificationArticle 16. Provision of certification criteriaArticle 17. Application for certificationArticle 18. Date of examination of the application for certification; failure to recognise the applicationArticle 19. Informing the President of the Authority of the planned completion or planned refusal of certificationArticle 20. Refusal to certifyArticle 21. Content of the certificateArticle 22. Obligation to fulfil the certification criteriaArticle 23. Data of the certified entity transmitted to the President of the AuthorityArticle 24. Verification activities to assess the fulfilment of the certification criteriaArticle 25. Powers of the person carrying out the verification activitiesArticle 26. Fees for certification activities
Chapter V. Development and approval of a code of conduct (Art. 27-33)
Article 27. Rules for the development, opinion and approval of the Code of Conduct Referral; consultationArticle 28. An entity monitoring compliance with the approved code of conductArticle 29. Application for accreditation to monitor compliance with the approved code of conductArticle 30. Consideration of an application for accreditationArticle 31. Accreditation certificateArticle 32. Obligation to meet the accreditation criteriaArticle 33. List of accredited entities
Chapter VI. President of the Office (Art. 34-59)
Article 34. Status, appointment, removal and term of office of the President of the OfficeArticle 35. The PromiseArticle 36. Vice-Presidents of the OfficeArticle 37. Restrictions on the holding of other posts and other activities by the President of the Office and his alternatesArticle 38. Immunity of the President of the OfficeArticle 39. Overtime in criminal proceedings and the immunity of the PresidentArticle 40. Request for consent to the prosecution of the President of the OfficeArticle 41. Consideration of an application for consent to the prosecution of the President of the OfficeArticle 42. Request for consent to the detention or arrest of the President of the OfficeArticle 43. Announcement of a resolution approving the arrest or detention of the President of the OfficeArticle 44. Responsibility of the President of the Authority for offensesArticle 45. The Office for the Protection of Personal Data; local units and the Statute of the OfficeArticle 46. Obligation to maintain confidentialityArticle 47. Legislative delegation model of professional legitimacy of an official of the OfficeArticle 48. Council for the Protection of Personal DataArticle 49. Remuneration for participation in the Council's workArticle 50. Report on the activities of the President of the AuthorityArticle 51. Opinion on assumptions and draft legal acts by the President of the AuthorityArticle 52. Speeches by the President of the Office to other entitiesArticle 53. Information provided by the President of the Authority on the BIP websiteArticle 54. Communication from the President of the Authority on the types of personal data processing operations requiring or not requiring an assessment of the effects of the processing for their protectionArticle 55. Telecommunication system for reporting personal data breachesArticle 56. Approval of binding corporate rules; authorisation to apply specific types of safeguards when transferring personal data to a third country or an international organisationArticle 57. Request for prior consultation before processing of personal dataArticle 58. Request to initiate appropriate proceedings where the President of the Authority considers that an infringement has occurredArticle 59. Cooperation of the President of the Authority with independent supervisory authorities
Chapter VII. Proceedings in the case of a breach of provisions (Art. 60-74)
Article 60. The entity conducting the proceedingsArticle 61. Participation of the social organisation in the proceedingsArticle 62. Responsibilities of the President of the Office in the event of non-resolution of the case within the deadlineArticle 63. Request for a translation of the documentation into PolishArticle 64. Access by the President of the Office to confidential informationArticle 65. Keeping information that constitutes a trade secretArticle 66. Restriction of access to case filesArticle 67. Notice to the Parties by public announcementArticle 68. Verification procedure for the purpose of supplementing evidenceArticle 69. Penalties for infringement of personal representationArticle 70. Temporary restriction on the processing of personal dataArticle 71. Application for a legal question on the legality of the European Commission Decision on the general application of the Code of Conduct in the EUArticle 72. Indication in the decision of the grounds for imposing an administrative penaltyArticle 73. Information on the decision by the President of the Authority in the BIPArticle 74. Suspension of the execution of an administrative penalty decision where a complaint is lodged with an administrative court
Chapter IX. Supervision of compliance with provisions (Art. 78-91)
Article 78. Subject performing the control; control planArticle 79. The controllerArticle 80. Exclusion of controller from participation in controlArticle 81. Authorisation to carry out checksArticle 82. Authorisation of a person with expertise to participate in controlsArticle 83. The presence of the controlled person or person authorised by the controlled person during the controlArticle 84. Powers of the controllerArticle 85. Participation of the police in controlArticle 86. Interrogation of a controlled employeeArticle 87. Bases for establishing the factual statusArticle 88. The control protocolArticle 89. Duration of the inspectionArticle 90. Obligation to initiate an infringement procedureArticle 91. Rules applicable to controls
Chapter X. Civil liability and court proceedings (Art. 92-100)
Article 92. Scope of the provisions of k.c.Article 93. The jurisdiction of the courtArticle 94. Exchange of information between the Court and the President of the AuthorityArticle 95. Suspension of proceedings before the President of the OfficeArticle 96. Elimination of judicial proceedings in the event of a decision by the President of the OfficeArticle 97. Appeal to the Court by decision of the President of the OfficeArticle 98. Initiation of legal proceedings by the President of the Authority; participation of the President of the Authority in legal proceedingsArticle 99. Submission by the President of the Office of substantive views in the legal proceedingsArticle 100. Application of the provisions of the CCP
Chapter XI. Provisions on administrative fines and criminal provisions (Art. 101-108)
Article 101. Grounds and conditions for imposing an administrative penaltyArticle 101a. Obligation to provide dataArticle 102. Impose an administrative penalty on public finance sector entities, research institutes or NBPsArticle 103. Conversion of euro amounts into goldArticle 104. Measures from the administrative penalty as revenue of the State budgetArticle 105. Date of payment of the administrative penalty; deferral of the time limit; breakdown into instalments; relief from the administrative penaltyArticle 106. Exemption from the application of the rules on administrative finesArticle 107. Unlawful processing of personal dataArticle 108. Disruption of controls on compliance with data protection rules
Chapter XII. Amendments to provisions (Art. 109-157)
Article 109Article 110Article 111Article 112Article 113Article 114Article 115Article 116Article 117Article 118Article 119Article 120Article 121Article 122Article 123Article 124Article 125Article 126Article 127Article 128Article 129Article 130Article 131Article 132Article 133Article 134Article 135Article 136Article 137Article 138Article 139Article 140Article 141Article 142Article 143Article 144Article 145Article 146Article 147Article 148Article 149Article 150Article 151Article 152Article 153Article 154Article 155Article 156Article 157
Chapter XIII. Transitional and adaptation provisions (Art. 158-174)
Article 158. Information security administrator as data protection officerArticle 159. Checks not completed before the date of entry into force of the ActArticle 160. Proceedings conducted by GIODO not completed before the date of entry into force of the ActArticle 161. Obligation to communicate to the President of the Authority a response to a request or request made by GIODOArticle 162. Enforcement procedures carried out on the basis of the implementing title issued by GIODOArticle 163. Effectiveness of enforcement actions in the administration not completed before the date of entry into force of the ActArticle 164. Ongoing proceedings on the position of GIODO as a creditorArticle 165. Maintenance of implementing rulesArticle 166. GIODO as President of the OfficeArticle 167. Transformation of the Office of GIODO into the Office for the Protection of Personal DataArticle 168. Assets of the State Treasury held by the GIODO Office on the date of entry into force of the ActArticle 169. Transfer of the liabilities and obligations of GIODO to the Office for the Protection of Personal DataArticle 170. Annual GIODO activity report by the President of the AuthorityArticle 171. Cases not completed before the date of entry into force of the ActArticle 172. First Communication on the types of personal data processing operations requiring an assessment of the effects of the processing for their protectionArticle 173. Establishment of a Council for the Protection of Personal DataArticle 174. Maximum amount of expenditure from the State budget

