Data Protection in Poland

Security in Poland

EU regulation

The GDPR is not prescriptive about specific technical standards or measures. Rather, the GDPR adopts a proportionate, context-specific approach to security. Article 32 states that controllers and processors shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of the processing. In so doing, they must take account of the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. A 'one size fits all' approach is therefore the antithesis of this requirement.

However, the GDPR does require controllers and processors to consider the following when assessing what might constitute adequate security:

  1. The pseudonymization and encryption of personal data
  2. The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services
  3. The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident,
  4. A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing

Poland regulation

The Implementing Act does not include any derogations from the GDPR.

Continue reading

  • no results

Previous topic
Back to top