Five years of the GDPR

An evolution in the law that caused a revolution in people's awareness and their approach to personal data protection. We have been applying the General Data Protection Regulation (GDPR) for five years. With what effect?

Although the GDPR was initially said to be an evolution in data protection provisions, as many similar regulations were already in place, this EU piece of legislation has so significantly affected reality that it has caused a kind of revolution.

What has the GDPR given to us? First of all, awareness of the rights of data subjects has increased significantly. This can be seen in complaints lodged with the supervisory authority or in the way how demands against controllers are formulated. The controllers themselves had to change their approach to personal data protection. While earlier they used standard technical safeguards, reported data filing systems to the supervisory authority and often stopped there, now their activities must be proactive. The GDPR requires continuous analysis of the risks associated with data processing, testing of the safeguards and organisational solutions used, analysing whether certain data are really necessary for specific purposes.

There has been a huge change in the approach to data protection, which, thanks to the principles of privacy by design and privacy by default, is taken into account at the very beginning of data processing – especially where modern technology is applied.

Data protection under the GDPR has therefore become a process, not a one-time activity, which is of great importance for improving the protection of our data.

The GDPR has become a certain benchmark for non-EU countries as well, because it has begun to set directions for changes in the law in many countries around the world. And the principles of this legal act must also be used by be technology companies whose activities have a global reach.

The importance of personal data protection, how the GDPR has affected our reality and what challenges still await us in connection with the practical application of this Regulation are discussed by experts in the video below. Jan Nowak, President of the Personal Data Protection Office and Jakub Groszkowski, Deputy President of the Personal Data Protection Office, share their experiences and observations in this regard as well as: Anna Dudkowska, Director of the International Cooperation and Education Department, Paulina Dawidczyk, Director of the Complaints Department; Adam Sanocki, Director of the Communications Department; Katarzyna Hildebrandt, Deputy Director of the Inspections and Breaches Department.

In the video, other experts also share their experiences from the past five years: Maciej Gawronski, Legal Counsel, GP Partners Gawroński, Biernatowski; Rev. Piotr Kroczek, Church Data Protection Officer, Anna Lewandowska, teacher at Primary School No. 360 in Warsaw; and Xawery Konarski, Attorney-at-Law, Senior Partner at Traple Konarski Podrecki and Partners.

We encourage you to watch the video summarising 5 years of the GDPR (in Polish).