Welcome to the digital world, where your personal data is more valuable than you might think!
This knowledge snapshot will help you understand what personal data really is, how to protect it, and what rights you have online.
WHAT IS PERSONAL DATA?
Personal data is any information that allows the identification of a specific person. These can be obvious pieces of information, such as:
- first and last name
- national identification number (PESEL)
- home address
- phone number
- e-mail address
- computer IP address
- ID card number
- information about health, beliefs, or religion – so-called sensitive data
There is no closed list of information that counts as personal data!
Personal data can appear individually (e.g., just a first name) or in a combination that allows a person to be identified (e.g., first name, last name, and address).
WHAT LEGAL ACTS PROTECT OUR PERSONAL DATA?
International Law
GDPR – the General Data Protection Regulation adopted by the European Parliament and the Council of the European Union (2016/679), which came into force in all EU member states, including Poland, in 2018. It is your digital protective umbrella – a law that shields you from the improper or irresponsible use of your data by other entities.
Thanks to GDPR:
- You have the right to know who will process your data.
- Your data can only be processed for a specified purpose.
- You can request correction or deletion of your data.
- Your data cannot be shared with people or companies that do not have the right to access it.
- Entities processing your data must inform you about any breaches, e.g., if your data is leaked.
National Law
Article 47 of the Constitution of the Republic of Poland: “Everyone shall be guaranteed freedom and protection of the secrecy of communication.” Article 47 provides a legal basis for protecting communication and privacy in everyday life. Combined with GDPR and the national Data Protection Act, it creates a coherent system that allows citizens to control who can use their data and for what purpose.
Act of May 10, 2018, on the Protection of Personal Data – the Polish law implementing GDPR (though the regulation can be applied directly if there is a conflict with the law). Its aim is to ensure that all personal data of Polish citizens is protected and that institutions and companies process it legally.
OUR PERSONAL DATA IS THE MOST VALUABLE CURRENCY
Think of your personal data as the keys to a treasure chest. Giving them to just anyone who asks could lead to theft or fraud. Online, it works in a very similar way – protecting your data is your way of maintaining control and security in other areas of life, even beyond the internet.
HOW TO PROTECT YOUR DATA?
- Do not share your personal information with strangers or untrusted entities online or over the phone.
- Read terms of service and privacy policies carefully before accepting them.
- Use strong, unique passwords – different for each platform.
- Set your social media accounts to the highest privacy settings.
- Think twice before sharing anything – once it’s online, it can stay there forever.
- Limit the amount of personal information you provide on public online services.
WHO ENSURES THAT OUR DATA IS PROPERLY PROTECTED?
Personal Data Protection Office (UODO)
The authority that monitors compliance with GDPR and other laws guaranteeing specific rights and standards regarding personal data protection and the right to privacy.
There are also organizations such as the European Data Protection Supervisor (EDPS), an independent supervisory authority responsible for ensuring that personal data is processed lawfully within European Union institutions and bodies. Its role is to make sure that data processing in the EU complies with the law.
Data Controller
A person or company that decides why and how data is processed (e.g., a school, online store, doctor).
Data Protection Officer (DPO)
A person within an organization who ensures that data is processed according to legal requirements.
Data Processor
e.g., an IT company that processes data on behalf of the controller.
KEY PRINCIPLES OF PERSONAL DATA PROCESSING
- Lawfulness – data must be collected in accordance with the law.
- Purpose limitation – data is collected for a specific purpose.
- Data minimization – only the data necessary for the purpose should be collected.
- Accuracy – data must be up-to-date and correct.
- Storage limitation – data should be kept only as long as necessary.
- Confidentiality and security – data must be protected against unauthorized access.
EXAMPLES OF PERSONAL DATA PROCESSING IN DAILY LIFE
- Registering at the school library – you provide your first name, last name, and student ID number. Later, based on the list of borrowed books, someone could infer your possible views and beliefs, which are also protected.
- Creating an account in an online store – you provide shipping details, such as your home address, and payment information, like your debit card number.
Everyone whose data is processed has the right to:
- access their data
- correct (rectify) their data
- have their data deleted (“the right to be forgotten”)
- restrict data processing
- transfer their data
- object to data processing
- file a complaint with the Personal Data Protection Office (UODO) if the data is used unlawfully
RISKS ASSOCIATED WITH IMPROPER PERSONAL DATA PROCESSING
Personal data can be misused if it is not properly protected.
Dangerous situations include:
- Phishing – scammers impersonate a bank or institution to steal your data
- Data breaches – e.g., hackers break into a store’s database and steal customer information
- Identity theft – e.g., someone uses your personal data to take out a loan
- Sharing data on social media – e.g., posting a photo of your student ID on Instagram
- Unintentional consent – accepting terms and conditions without reading them, thereby agreeing to data processing for marketing purposes
How to Protect Yourself? Safe Rules for Everyone:
- Do not share your personal data with strangers, even online.
- Use strong passwords (letters, numbers, special characters).
- Do not click on suspicious links in emails or messages.
- Do not post information online that could make it easy to identify you (e.g., school, address, photos of documents).
- Check carefully to whom and for what purpose you are giving consent for data processing.
- Report to a teacher or parent if something worries you.