ODO24 Logo
ODO24 Logo
ODO24 Logo

RODO Navigator online

To make it easier for you to work with data protection regulations, we link relevant recitals from the preamble (P), provisions of the Personal Data Protection Act (U), and guidelines from the European Data Protection Board (W) alongside individual GDPR articles.

RODO Nawigator

GDPR Navigator online are related texts:

  • Regulation (EU) 2016/679 is amended as follows:
  • Personal data protection laws.
  • EDPB guidelines.

List of contents

The entrance
Map of the practical aspects of the GDPR
List of guidelines of the Article 29 Working Party and the European Data Protection Board
Regulation (EU) 2016/679 of the European Parliament and of the Council
Chapter I. General rules (art. 1-4)
Article 1 Subject and purposeArticle 2 Material scope of useArticle 3 Territorial scope of useThis Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union.
Chapter II of the Rules (art. 5-11)
Article 5 Rules on the processing of personal dataArticle 6 Conformity of the processing with the lawArticle 7 Conditions for giving consentArticle 8 Conditions for giving consent by a child to information society servicesArticle 9 Processing of specific categories of personal dataArticle 10 Processing of personal data relating to convictions and prohibited actsArticle 11 Processing which does not require identification
Chapter III. Rights of the data subject (art. 12-23)
Article 12 Transparent information and transparent communication and exercise of rights by data subjectsArticle 13 Information provided in the event of data collection from the data subjectArticle 14 Information provided in the event of personal data being obtained in a manner other than from the data subjectArticle 15 Right of access of data subjectsArticle 16 Right to rectification of dataArticle 17. Right to erasure (‘right to be forgotten”)Article 18 Right to restrict processingArticle 19 Obligation to notify rectification or deletion of personal data or restriction of processingArticle 20 Right to transfer dataArticle 21 Right to objectArticle 22 Automated decision-making in individual cases, including profilingThis Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal.
Chapter IV. Administrator and processor (art. 24-43)
Article 24 Duties of the administratorArticle 25 Inclusion of data protection in the design phase and default data protectionArticle 26 Co-directorsArticle 27 Representatives of administrators or processors who do not have an organisational unit in the UnionArticle 28 Processing entityArticle 29 Processing under the authority of the controller or processorArticle 30 Registration of the processing activitiesArticle 31 Cooperation with a supervisory authorityArticle 32 Security of processingArticle 33 Reporting of a personal data breach to a supervisory authorityArticle 34 Notification of a data subject of an infringement of the protection of personal dataArticle 35 Assessment of data protection effectsArticle 36 Previous consultationsArticle 37 Designation of the data protection officerArticle 38 Status of data protection officerArticle 39 Tasks of the data protection officerArticle 40 of the code of conductArticle 41 Monitoring of approved codes of conductThis Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union.Article 43 The certifying entity
Chapter V. Transfer of personal data to third countries or international organisations (art. 44-50)
Article 44 General principle of transmissionArticle 45 Transfer on the basis of a decision establishing an appropriate level of protectionArticle 46 Transfers subject to appropriate safeguardsArticle 47 Binding corporate rulesArticle 48 Transfers or disclosures not permitted under Union lawArticle 49 Exceptions in specific situationsArticle 50 International cooperation for the protection of personal data
Chapter VI. Independent supervisory authorities (art. 51-59)
Article 51 Supervisory authorityArticle 52 Independence of the UnionArticle 53 General conditions for the members of the supervisory authorityArticle 54 Rules for the establishment of a supervisory authorityThis Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union.Article 56 Powers of the lead supervisory authorityThis appropriation is intended to cover:Article 58, entitlementArticle 59 Reporting of activities
Chapter VII Cooperation and consistency (art. 60-76)
Article 60 Cooperation between the lead supervisory authority and the other supervisory authorities concernedArticle 61 Mutual assistanceArticle 62 Joint operations of supervisory authoritiesArticle 63 The consistency mechanismArticle 64 Opinion of the European Data Protection BoardArticle 65 Dispute settlement by the European Data Protection BoardArticle 66 Emergency modeArticle 67 Exchange of informationArticle 68 European Council for the Protection of DataArticle 69 Independence of the UnionArticle 70 Tasks of the European Data Protection BoardThis Regulation shall enter into force on the date of its publication in the Official Journal of the European Union.This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union.Article 73 Chairman of the CommitteeArticle 74 Tasks of the ChairmanThis appropriation is intended to cover expenditure relating to:Article 76 Confidentiality
Chapter VIII Measures of legal protection, liability and sanctions (art. 77-84)
Article 77 Right to lodge a complaint with a supervisory authorityArticle 78 Right to an effective remedy before a court against a supervisory authorityArticle 79 Right to an effective remedy in court against an administrator or processorArticle 80 Representation of data subjectsArticle 81 Suspension of the proceedingsArticle 82 Right to compensation and liabilityArticle 83 General conditions for imposing administrative finesArticle 84 Penalties
Chapter IX. Provisions on special situations related to processing (art. 85-91)
Article 85 Processing and freedom of expression and informationArticle 86 Processing and public access to official documentsArticle 87 Processing of the national identification numberArticle 88 Processing in the context of employmentArticle 89 Safeguards and exceptions applicable to processing for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposesArticle 90 Obligation to maintain confidentialityArticle 91 Existing data protection rules applicable to churches and religious associations
Chapter X. Delegated acts and implementing acts (art. 92-93)
Article 92. Exercise of the powers conferredArticle 93. The committee procedure
Chapter XI Final rules (art. 94-99)
Article 94 deviation from Directive 95Article 95 relationship with Directive 2002/58Article 96 Relation to previously concluded agreementsArticle 97 Report from the CommissionArticle 98 Review of other Union legal acts relating to data protectionArticle 99 Entry into force and application
This Regulation shall enter into force on the day following that of its publication in the Official Journal of the European Union.
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
Personal data protection law
Chapter I. General rules (art. 1-7)
Article 1 Scope of the ActArticle 2 Restriction of application to press material activities, literary activities, artistic activities and academic expressionsArticle 3 Changes in the purpose of the processing of personal data in the performance of a public task Exemption from the obligation to provide informationArticle 4 Direct acquisition of personal data exemption from the information obligationArticle 5 Restriction of the right of access to information on the processing of data by the controllerArticle 5a Exemption from the exercise of the right of access of the data subjectArticle 6.Exclusion from the application of the provisions of the Act in the case of the processing of personal data by national security or special servicesArticle 6a Appropriate application of the provisionsArticle 7 Procedures by the Director of the Office for Personal Data Protection
Chapter II. Appointment of the data protection officer (art. 8-11)
Article 8 Obligation to appoint a data protection officerArticle 9 Public bodies and entities required to appoint an inspectorArticle 10. Notice to the President of the Office of the appointment of an inspectorArticle 11 Disclosure of the inspector's dataArticle 11a Person acting as an inspector
Chapter III: Conditions and procedures for granting accreditation to a certifying entity (art. 12-14)
Article 12 Accrediting body; rules for accreditationArticle 13 Provision of accreditation criteriaArticle 14 Information on the accreditation granted
Chapter IV. Conditions and procedures for certification (art. 15-26)
Article 15 Certifying entity; rules for certifyingArticle 16 Provision of certification criteriaArticle 17 Application for certificationArticle 18 Deadline for the examination of an application for certification; failure to recognise the applicationArticle 19 Informing the President of the Authority of the planned completion or planned refusal of certificationArticle 20 Refusal to certifyArticle 21 Content of the certificateArticle 22 Obligation to fulfil the certification criteriaArticle 23 Data of the certified entity transmitted to the President of the AuthorityArticle 24 Verification activities for the purpose of assessing compliance with the certification criteriaArticle 25 Rights of the person carrying out the verification activitiesArticle 26 Fees for certification activities
Chapter V. Developing and approving the Code of Conduct and the terms and conditions of accreditation of the entity monitoring its compliance (art. 27-33)
Article 27 Rules for drawing up, commenting on and approving the Code of Conduct Referral; consultationArticle 28 An entity monitoring compliance with the approved code of conductArticle 29 Application for accreditation to monitor compliance with the approved code of conductArticle 30 Consideration of an application for accreditationArticle 31 Certificate of accreditationArticle 32 Obligation to meet the accreditation criteriaArticle 33 List of accredited entities
Chapter VI: President of the Authority (art. 34-59)
Article 34 Status, appointment, removal and term of office of the President of the OfficeArticle 35 - Promise of marriageArticle 36 Vice-President of the OfficeArticle 37 Restrictions on the occupation of other posts and other activities by the President of the Office and his alternatesArticle 38 Immunity of the President of the OfficeArticle 39 Immunity of the President of the OfficeArticle 40 Request for consent to the prosecution of the President of the OfficeArticle 41 Consideration of an application for consent to the prosecution of the President of the OfficeArticle 42 Request for consent to the detention or arrest of the President of the OfficeArticle 43 Announcement of a resolution approving the arrest or detention of the President of the OfficeArticle 44 Liability of the President of the Office for offensesArticle 45 The Office for the Protection of Personal Data; local units and the Statute of the OfficeArticle 46 Obligation to maintain confidentialityArticle 47 Legislative delegation model of official legitimacy of an officialArticle 48 Council for the Protection of Personal DataArticle 49. Remuneration for participation in the work of the CouncilArticle 50 Report on the activities of the President of the OfficeArticle 51 Opinion on the assumptions and draft legislative acts by the President of the AuthorityArticle 52 Speeches by the President of the Office to other entitiesArticle 53 Information provided by the President of the Office on the BIP websiteArticle 54 Communication from the President of the Authority on the types of personal data processing operations requiring or not requiring an assessment of the effects of the processing for their protectionArticle 55 Telecommunication system for reporting personal data breachesArticle 56. Approval of binding corporate rules; authorisation of the use of specific types of safeguards when transferring personal data to a third country or international organisation Article 57 Request for prior consultation before the processing of personal dataArticle 58 Request for an appropriate procedure to be opened if the President of the Authority considers that an infringement has occurredArticle 59 Cooperation of the President of the Authority with independent supervisory authorities
Chapter VII: Procedure for infringement of the rules on the protection of personal data (art. 60-74)
Article 60 The entity conducting the proceedingsArticle 61 Participation of the social organisation in the conductArticle 62.Obligations of the President of the Office in the event of failure to resolve a case within the deadlineArticle 63. Request for a translation of the documentation into PolishArticle 64 Access by the President of the Office to confidential informationArticle 65 Keeping information as a trade secretArticle 66 Restriction of access to case filesArticle 67. Notification of the parties by public announcementArticle 68 Control procedure for the purpose of supplementing evidenceArticle 69 Penalties for breach of the duty of personal representationArticle 70 Temporary restriction on the processing of personal dataArticle 71.Request for a legal request on the compatibility with the law of the European Commission Decision on the general applicability of the Code of Conduct in the EUArticle 72 Indication in the decision of the grounds for imposing an administrative penaltyArticle 73. Provision in the BIP of information on the decision taken by the President of the AuthorityArticle 74 Suspension of the execution of a decision on an administrative penalty in the event of a complaint to an administrative court
Chapter VIII: European administrative cooperation (art. 75-77)
Article 75 Temporary restriction on the processing of personal dataArticle 76 Translation of the President's information into the official language of another Member StateArticle 77 Arrangements relating to the joint operation
Chapter IX. Control of compliance with the rules on the protection of personal data (art. 78-91)
Article 78. Control entity; control planArticle 79, the controllerArticle 80 Exclusion of the controller from participation in the controlArticle 81. Authorisation to carry out checksArticle 82 Authorization of a person with expertise to participate in controlArticle 83 The presence of the controlled person or person authorised by him during the controlArticle 84 Powers of the controllerArticle 85. Participation of the police in controlArticle 86 Interrogation of a controlled employeeArticle 87 Grounds for establishing the factual statusArticle 88 of the Control ProtocolArticle 89 The duration of the checksArticle 90 Obligation to initiate proceedings in respect of infringements of the rules on the protection of personal dataArticle 91 Rules applicable to controls
Chapter X. Civil Liability and Court Proceedings (art. 92-100)
Article 92. Scope of the provisions of k.c.Article 93 Jurisdiction of the courtArticle 94 Exchange of information between the court and the President of the OfficeArticle 95 Suspension of proceedings before the President of the OfficeArticle 96 Improvement of legal proceedings in the event of a decision by the President of the OfficeArticle 97. Connection of the Court by decision of the President of the OfficeArticle 98. Initiation of legal proceedings by the President of the Authority; participation of the President of the Authority in legal proceedingsArticle 99 Submission by the President of the Office of substantive views in court proceedingsArticle 100 Application of the provisions of the CCP
Chapter XI. Provisions on administrative fines and penalties (art. 101-108)
Article 101 Bases and conditions for imposing an administrative penaltyArticle 101a Obligation to provide dataArticle 102. Impose an administrative penalty on public finance sector entities, research institutes or NBPsArticle 103. Conversion of euro amounts into goldArticle 104 Means of administrative penalty as revenue of the State budgetArticle 105 Deadline for payment of the administrative penalty; postponement of the deadline; breakdown into instalments; relief in the administration of the administrative penaltyArticle 106 Exemption from the application of the rules on administrative finesArticle 107 Illegal processing of personal dataArticle 108.Improving the control of compliance with personal data protection rules
Chapter XII Amendments to the Regulations (Articles 109 to 157)
109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
Chapter XIII. Transitional and adapting rules (art. 158-174)
Article 158. Information security administrator as data protection officerArticle 159 Unfinished checks before the date of entry into force of the ActArticle 160. Procedures conducted by GIODO not completed before the date of entry into force of the ActArticle 161. Obligation to communicate to the President of the Office a response to a request or request made by GIODOArticle 162. Enforcement procedures carried out on the basis of an implementing title issued by GIODOArticle 163. Effectiveness of actions carried out in enforcement proceedings before the date of entry into force of the ActArticle 164 Unfinished proceedings in respect of the position of GIODO as creditorArticle 165 Maintenance of implementing rulesArticle 166. GIODO as President of the OfficeArticle 167. Conversion of the Office of GIODO into the Office for the Protection of Personal DataArticle 168 Assets of the Treasury held by the GIODO Office on the date of entry into force of the ActArticle 169 Transfer of the liabilities and obligations of the Office to the Office for the Protection of Personal DataArticle 170. Annual GIODO activity report by the President of the AuthorityArticle 171 Cases not completed before the date of entry into force of the ActArticle 172 First communication on the types of processing operations requiring an assessment of the effects of the processing for the protection of personal dataArticle 173 Establishment of a Council for the Protection of Personal DataArticle 174 Maximum limit of expenditure from the State budget
Chapter XIV Final rules (art. 175-176)
Article 175. The derogating ruleThis Regulation shall enter into force on the date of its adoption.

We hope that the publication we have prepared will enable you to better embrace the content of the GDPR and facilitate the lawful and secure processing of personal data by your organisations.

It's important!

In addition to the aforementioned provisions and guidelines, we recommend that you read the Act of 21 February 2019*, which adapts the Polish legal order (162 acts) to the GDPR, inter alia by repealing provisions that conflict with the GDPR, duplicate GDPR solutions, or required consideration of the specifics of Polish legislation.

*Act of 21 February 2019 amending certain acts in connection with ensuring the application of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Text available at: https://isap.sejm.gov.pl

Receive a free package of 4 tutorials and 4 e-learning trainings
The controller of your data is ODO 24 sp. z o. o.
RODO Navigator online - Interactive GDPR text | ODO 24 | ODO 24