Karolina Sieraczek

Rechtsanwältin (Polen)
Senior Associate
Phone: +48 71 60 60 415

After several years of negotiations the new EU regulation on the general personal data protection system across the Community has been finally passed. The main goal of the new regulation is to strengthen the personal data protection by, among other things, imposing additional obligations on businesses and severe financial penalties for infringements. 

Pursuant to the new law, enterprises will have to communicate every personal data breach to the data protection authority (the Inspector General for the Protection of Personal Data (GIODO) in Poland). If an infringement on personal data protection is likely to pose a high risk to the rights and freedoms of individuals, the enterprise will have to notify the data subject of that infringement. 

Businesses will no longer have to register databases but they will be obliged to appoint an in-house Data Protection Officer (who will replace the current Information Security Controller). 

A failure to observe the new obligations will expose an enterprise to administrative fines of up to 20 million euro or 4% of global turnover. 

The new rules will take effect in the Member States from May 2018. As they introduce significant changes, it makes good sense to adjust your internal standards (and documentation) to the new requirements in advance. 

We are at your service with legal advice if you are interested in our help with checking your practices and personal data protection documentation for compliance with the current and the new regulations. Our attorneys-in-law also offer legal advice in Poland on other issues. They are at your disposal in Rödl & Partner offices in: Gdansk, Gliwice, Cracow, Poznan, Warsaw, Wroclaw.

22.06.2016 r.