Updates on Data Privacy in Poland

Warsaw, 20 November 2019

The updated list of operations requiring a data protection impact assessment was published in the official gazette of the Republic of Poland. The so-called “black list” was updated by the Polish data protection authority as a result of the recommendations of the European Data Protection Board (EDPB).

The following changes were made by the Polish supervisory authority:

  • The black list now states that it is non-exhaustive and that it aims to help controllers better understand the processing operations.
  • The list has been expanded to include the processing of location data (e.g., applications and devices using IoT, data processed in connection with remote working or processing of employees’ GPS/location data).
  • The list now contains the processing of biometric and genetic data.
  • There is now a clear reference to the Working Group 29 Guidelines (WP248) on data protection impact assessment (as endorsed by the EDPB) that must be complied with.


ARCLIFFE LLP is a full service CEE regional law firm.  With nine offices and over 65 lawyers, we cover twenty-two jurisdictions from Vienna to Moscow, from the North Sea to the Mediterranean.

ARCLIFFE LLP’s partners are former senior lawyers (including partnership level) from major international law firms, such as Clifford Chance, Linklaters, CMS Cameron McKenna, Debevoise & Plimpton, Dentons, Kinstellar, Gide Loyrette, Bird & Bird, Wolf Theiss, and White & Case.  We are your Emerging Europe legal partner.

For more information, please visit us at www.arcliffe.com.