Article 1 PDPA
Scope of the Act

1. The Law shall apply to the protection of individuals in connection with the processing of personal data to the extent set forth in Article 2 and Article 3 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (Official Journal of the EU L 119 of 04.05.2016, p. 1), hereinafter referred to as "Regulation 2016/679."

2. The law specifies:

1) public entities obliged to appoint a data protection officer and the procedure for notification of his appointment;

2) the conditions and procedure for accreditation of an entity entitled to certification in the field of personal data protection, accredited by the Polish Center for Accreditation, hereinafter referred to as "certification entity", the entity monitoring the code of conduct and certification;

3) the procedure for approving the code of conduct;

4) the authority competent for the protection of personal data;

5) data breach proceedings;

6) the mode of European administrative cooperation;

7) monitoring compliance with data protection regulations;

8) civil liability for violations of data protection laws and court proceedings;

9) criminal liability and administrative fines for violations of data protection laws.