Poland Publishes New Draft Data Protection Acts “Implementing” the GDPR

The Polish government recently published a package of draft data protection laws designed to “implement” the GDPR into Polish law. With amendments to more than 130 existing legislations, this reform is one of the largest in the country in years, and will bring changes across the entire Polish data protection landscape.

The reform is composed of a draft Personal Data Protection Act (PDPA Draft), containing provisions for the overall implementation of the GDPR, and draft provisions amending numerous sector legislations (Amending Act Draft), to align them with the GDPR.


PDPA Draft

The PDPA Draft is intended to replace the current Polish Data Protection Act and sets out all administrative, procedural, and other general details designed to “implement” the GDPR. Some of its main provisions include:


Amending Act Draft

The Amending Act Draft covers a vast range of activities and sectors, including, for example, employment, banking, e-services, telecoms sectors. Some of the most interesting changes include:

These draft acts have been welcomed by Polish data protection experts, as they not only provide more predictability for organisations preparing for the coming into effect of the GDPR, but also clarify many grey areas of the current Polish data protection framework. The drafts are now open for consultation, which will run until 13 October.

The official text of the draft legislations can be found here (only available in Polish).


How OneTrust Helps

OneTrust provides privacy management tools with templates and questionnaires which can help organisations comply with privacy obligations around the world, including GDPR, and questionnaires can be tailored by country, to tackle any specific requirement applicable to any given country.