As of the next year in the entire European Union the provisions of the General Data Protection Regulation (RODO) will apply. RODO will be applied directly, regardless of the national provisions on personal data protection and the obligation of all entrepreneurs is to observe the requirements provided in RODO before 25 May 2018, when the requirements resulting from its provisions become effective also in Poland.
The regulation applies to all entities that process personal data, in particular in connection with the pursued business activity. On 25 May 2018 all possible internal procedures that ensure observance of GDPR should be ready and implemented, and the documentation connected with data processing should be adjusted. The regulation introduces many new rules, procedures and obligations connected with personal data processing. For example, after 25 May 2018 the requirement to report data sets to GIODO (Inspector General for the Protection of Personal Data) will be repealed, and the administrator itself will be responsible for controlling and ensuring the correctness of data processing.
RODO provides for high financial penalties for violation of the provisions regarding data protection (depending on the nature of violation).