The Constitution of the Republic of Poland states:
- Everyone shall have the right to legal protection of his private life and family life, of his honour and good reputation and to make decisions about his personal life. (Article 47)
- Public authorities shall not acquire, collect or make accessible information on citizens other than that which is necessary in a democratic state ruled by law. (Article 51 point 2)
- Everyone shall have a right of access to official documents and data collections concerning him. Limitations upon such rights may be established by statute. (Article 51 point 3)
- Everyone shall have the right to demand the correction or deletion of untrue or incomplete information, or information acquired by means contrary to statute.(Article 51 point 4)
Since the 29th of August 1997, the Act on Protection of Personal Data has been in force. Under this Act the Inspector General for Personal Data Protection (GIODO) was established.
On May 10, 2018, the Sejm passed a new law on the protection of personal data, which ensures the application of the regulation of the European Parliament and of the Council (EU) 2016/679 on the protection of personal data in Poland and establishes a new authority competent for the protection of personal data – the President of the Office for Personal Data Protection. The act entered into force on May 25, 2018. Until now, there has not been any significant impact of this law on cultural organisations.