RODO Privacy Guide: Your Rights Under Poland's GDPR and How to Exercise Them
Complete guide to RODO (Polish GDPR) for individuals. Learn your data protection rights, how to file complaints with UODO, request data deletion, and protect your personal information.
RODO — Rozporządzenie o Ochronie Danych Osobowych — is Poland's implementation of the European General Data Protection Regulation (GDPR). It gives every person in Poland powerful rights over their personal data. Yet most Poles do not know what RODO actually allows them to do. Companies count on this ignorance.
This guide explains your rights in plain language and shows you exactly how to exercise them.
What Is RODO and Who Does It Protect?
RODO applies to every organization that processes personal data of people in Poland — whether the organization is based in Poland, the EU, or anywhere else. It covers:
- Your name, PESEL, address, phone number
- Email addresses and online identifiers
- Health data, biometric data, financial records
- Location data, browsing history, purchase history
- Employment records, tax information
If a company has any of your personal data, RODO applies to them.
Your 8 Core Rights Under RODO
| Right | What It Means | When to Use It |
|---|---|---|
| Right of Access | You can ask any company what data they have about you | When you want to know what a company stores |
| Right to Rectification | You can demand correction of inaccurate data | When your personal details are wrong |
| Right to Erasure ("Right to Be Forgotten") | You can demand deletion of your data | When you no longer use a service |
| Right to Restriction | You can limit how your data is processed | When you dispute data accuracy |
| Right to Data Portability | You can get your data in a machine-readable format | When switching services |
| Right to Object | You can object to data processing, including marketing | When you receive unwanted marketing |
| Right Not to Be Profiled | You can opt out of automated decision-making | When algorithms affect decisions about you |
| Right to Be Informed | Companies must tell you what they collect and why | Always — before data collection begins |
How to Exercise Your RODO Rights
Step 1: Identify the Data Controller
Find out who processes your data. This is usually in the company's "Polityka prywatności" (Privacy Policy) or "RODO" section on their website. Look for the "Administrator Danych Osobowych" (Data Controller) and their contact details.
Step 2: Submit a Written Request
Send an email or letter to the company's Data Protection Officer (Inspektor Ochrony Danych, IOD). Your request should include:
- Your full name and a way to verify your identity
- A clear statement of which right you are exercising
- Specifics about what data you want accessed, corrected, or deleted
- A reference to RODO/GDPR as your legal basis
Step 3: Wait for Response
The company has 30 days to respond to your request. This can be extended by 60 days for complex cases, but they must inform you of the extension within the first 30 days.
Step 4: Escalate if Ignored
If the company does not respond or refuses your request without valid legal grounds, you can file a complaint with UODO.
Filing a Complaint with UODO
UODO (Urząd Ochrony Danych Osobowych) is Poland's data protection authority. They have the power to investigate companies, issue fines up to 20 million EUR (or 4% of global annual revenue), and order compliance.
How to File
- Online: Visit uodo.gov.pl and use the electronic complaint form
- By mail: Send a written complaint to UODO, ul. Stawki 2, 00-193 Warszawa
- Via ePUAP: Submit through the gov.pl electronic administration platform
What to Include
- Your personal details (name, address, contact)
- The company you are complaining about (name, address)
- Description of what happened and which rights were violated
- Copies of your request to the company and their response (or lack thereof)
- What outcome you are seeking
Typical Timeline
- UODO acknowledges receipt within 30 days
- Investigation can take 3-12 months depending on complexity
- UODO issues a decision ordering the company to comply or imposing a fine
Practical RODO Scenarios
Deleting Your Account and Data
You stopped using a Polish e-commerce site two years ago. You can request complete deletion of your account and all associated data. The company must comply unless they have a legal obligation to retain certain data (such as tax records for 5 years).
Stopping Marketing Emails
A company keeps sending you promotional emails even though you have unsubscribed. Under RODO, you have an absolute right to object to direct marketing. File a formal RODO objection, and if they continue, report them to UODO.
Employer Data After Leaving a Job
Your former employer still has your personal data. They can retain employment records as required by Polish labor law (typically 10 years for post-2019 employees), but they must delete any data not required by law upon your request.
Data Breach Notification
A company that has your data suffers a breach. Under RODO, they must notify UODO within 72 hours and inform you directly if the breach poses a high risk to your rights.
Protecting Your Data Proactively
- Minimize data sharing — Only provide personal data when truly necessary
- Read privacy policies — At least skim the data collection and sharing sections
- Use data deletion requests — Clean up old accounts regularly
- Monitor data breaches — Check haveibeenpwned.com with your email address
- Be cautious with consent — Untick optional marketing checkboxes
- Use pseudonyms where real names are not legally required
Share Personal Documents Safely
When you must share personal documents containing PESEL numbers, addresses, or financial details with a lawyer, accountant, or government office, do not send them as email attachments where they sit in inboxes forever. Use LOCK.PUB to create an encrypted, password-protected memo that auto-expires. Only the intended recipient can view the content, and it disappears after the set time — aligning perfectly with RODO's data minimization principle.
Conclusion
RODO gives you real power over your personal data. Companies are legally required to respect your requests, and UODO has the authority to enforce compliance with significant fines. Do not hesitate to exercise your rights — they exist specifically to protect you.
For sharing sensitive personal data when necessary, use LOCK.PUB to create encrypted, self-destructing memos that minimize data exposure. Your personal data is yours — RODO ensures it stays that way.