On 17 May 2016, Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April
2016 on the protection of individuals with regard to
the processing of personal data and on the free
movement of such data, and repealing Directive
95/46/EC came into force. It is set to become
directly applicable as part of national legislation as
of 25 May, 2018.
The General Data Protection Regulation also known
as the “GDPR” (hereinafter in this edition of the
Polish Law Review as “Regulation” or “GDPR”) is a
comprehensive legislative act relating to the scope
of obligations of personal data processors and its
aim is to develop a new perspective on personal
data protection. It binds upon all the processors
processing personal data in connection with their
business activity. The aim of laying down the rules
of data protection in a regulation, rather than in a
directive (as it was previously), is to harmonise
those provisions throughout the European Union.
Uniform regulation is to facilitate cross-border
business activity. Discrepancies in the data
protection laws between different Member States of the European Union will be reduced, as a result
of which enterprises will be more confident when
applying the personal data protection mechanisms
in all the Member States of the European Union in
which they operate. However, it does not mean
that the Regulation will completely replace the
national Act on Personal Data Protection. The Act
will be supplementing the provisions of the
Regulation. In practice, enterprises processing
personal data will verify compliance of their
activities by referring directly to the provisions of
the Regulation and supplementing them with the
provisions of the amended Act on Personal Data
Protection.
The Regulation has established the European Data
Protection Board (“EDPB”) that takes over the
responsibilities of the Working Party on the
Protection of Individuals with regard to the
Processing of Personal Data. EDPB is an
independent body of the European Union vested
with legal personality. Its objective is to ensure
consistent application of the provisions of the
Regulation. At the national level, compliance with
the new provisions is monitored by supervisory
authorities. The new provisions establish the one-
stop-shop rule, whereby in the event an enterprise
processes personal data in more than one Member
State, the competent supervisory authority for the
enterprise’s principal establishment is also
competent for cross-border data processing and for
all the obligations of that enterprise with regard to
the implementation of the Regulation. The
supervisory authorities of the individual Member
States remain competent to handle complaints
lodged by natural persons against the operations of
a personal data controller in the relevant Member
State.
While there are also personal data processing rules
under the current legislation, these are mainly
recommendations
rather
than
mandatory
provisions. The Regulation directly introduces
personal data processing rules and thereby binding
obligations applicable to personal data processors.
The introduction of a list of fundamental personal
data protection rules provides the basis for new
standards of data protection as well as establishes a
framework for the other specific provisions of the
Regulation.
Given the significance of the amendments and the
severity of potential penalties imposed for
infringements of the GDPR, this edition of the Polish Law Review is devoted in its entirety to the
issues of personal data protection.
MILLER, CANFIELD,
W. BABICKI, A. CHEŁCHOWSKI I WSPÓLNICY SP.K.
ul. Batorego 28-32
81-366 Gdynia
Tel. +48 58 782-0050
Fax +48 58 782-0060
gdynia@pl.millercanfield.com
ul. Nowogrodzka 11
00-513 Warszawa
Tel. +48 22 447-4300
Fax +48 22 447-4301
warszawa@pl.millercanfield.com
ul. Skarbowców 23a
53-125 Wrocław
Tel. +48 71 780-3100
Fax +48 71 780-3101
wroclaw@pl.millercanfield.com
Disclaimer: This publication has been prepared for clients and professional associates of Miller Canfield. It is intended to provide only a summary of
certain recent legal developments of selected areas of law. For this reason the information contained in this publication should not form the basis of any
decision as to a particular course of action; nor should it be relied on as legal advice or regarded as a substitute for detailed advice in individual cases.
The services of a competent professional adviser should be obtained in each instance so that the applicability of the relevant legislation or other legal
development to the particular facts can be verified.