Global Data and Cyber Handbook

Poland

Select a Topic
Start Comparison
Data localization and regulation of non-personal data
Jump to
Data localization and regulation of non-personal data Start Comparison
Are there data localization/data residency or other types of laws that may require the retention and storage of data in the local jurisdiction, or prohibit the transfer of data out of the jurisdiction?

Last review date: 10 January 2025

Yes.

☒     Other laws that may require the retention and storage of personal data (including, for example, where such data is part of another type of record or dataset) in the local jurisdiction or otherwise prohibit the transfer or disclosure of the personal data outside of the local jurisdiction:

☒        other

Sector specific laws, such as:

Localization requirements of telecommunications data:

Operators of public telecommunications networks and providers of publicly available telecommunications services must store certain telecommunications data in the territory of Poland for a period of 12 months.

Localization requirements of gambling-related data:

In the case of online gambling, the devices for processing and archiving of data concerning those gambling games shall be installed and stored in the EU/EEA.

Localization requirements of data controlled by financial entities:

Financial sector laws restrict or preclude the ability of certain entities (e.g., banks, payment service providers) to outsource some key activities to providers located or operating outside of the EU. This restriction may affect storage of client data in a cloud environment, for example.

Does law or regulation impose mandatory requirements to share or make accessible non-personal data?

Last review date: 10 January 2025

         Obligation for public sector organizations to share or make accessible non-personal data

         Obligation for private organizations to share or make accessible data generated by connected or "IoT" devices

The rules and procedures for making public sector information available and transferring it for reuse and the conditions for reuse are defined by the Act of 11 August 2021 on open data and reuse of public sector information. Reuse of public sector information is the use by individuals, legal entities and organizational units without legal personality of public sector information, for commercial or non-commercial purposes other than the original public purpose for which the information was created. The right to re-use is subject to restriction to the extent and on the terms specified in the regulations on the protection of classified information and the protection of other statutorily protected secrets.

Moreover, general rules for accessing public sector information have been provided for in the Act of 6 September 2001 on access to public information.

With regard to data generated by connected or "IoT" devices, please refer to the section covering the EU Data Act in EU chapter of this Handbook.

What specific obligations do these data-sharing rules impose on private organizations?

Last review date: 10 January 2025

         Obligation to share data on request

         Obligation to (re)design products or services to facilitate data accessibility

         Obligation to standardize products or services to facilitate data portability or interoperability

Please refer to the section covering the EU Data Act in EU chapter of this Handbook.

{{ $store.state.loadingScreen.message }} ...