As a result of the aggression of the Russian Federation on Ukraine, on 24 February 2022, almost 2 million refugees from Ukraine found shelter from war in Poland. This forced our State to develop legal solutions addressed to the said group of foreigners. On 12 March 2022, a special act entered into force retroactively from the date of commencement of the Russian aggression against Ukraine, i.e. from 24 February 2022, and created a legal basis for legalization of residence in the Republic of Poland for persons coming from Ukraine.
Pursuant to Article 4(1) of the special act, each Ukrainian citizen legally residing in the Republic of Poland will receive, upon application, a PESEL number, allowing them to create a trusted profile (ePuap), work legally, have the right to education, as well as be able to start and run economic activity in the Republic of Poland on the same principles as Polish citizens.
Please note that people who have found refuge in the Republic of Poland due to the armed conflict in Ukraine have full right to the protection of their personal data based on the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR).
The Data Protection Office has activated a special email address for Ukrainian citizens residing in Poland so that they can get the necessary information on the processing of personal data: forukraine@uodo.gov.pl.
A special guide in Ukrainian and English has also been published to inform Ukrainian citizens about their rights under the GDPR. Link to the guide: https://uodo.gov.pl/pl/file/3979
Many institutions in Poland have engaged or have been engaged in providing humanitarian assistance to Ukrainian citizens, and this undoubtedly implies the processing of personal data. The general provisions applicable under international law, including the provisions of the GDPR (as per recital 46 of the GDPR), will apply in this respect.
Under the provisions of the GDPR, the information duty must be complied with unless one of the grounds that provides for the possibility of exemption from this duty is present. Pursuant to Article 12 of the GDPR, the controller shall take appropriate measures to provide the data subject with all information referred to in Articles 13 and 14 in a concise, transparent, intelligible and easily accessible form and in clear and plain language, and to conduct all communications with the data subject pursuant to Articles 15 to 22 and 34 on the processing. The controller should therefore adapt to the recipients of this information. Otherwise, the controller will not be able to prove that the principle of transparency and accountability has been met.
The processing of personal data, e.g. assistance provided to Ukrainian citizens, should always be reviewed by the controller and reflected in the register of processing activities kept by the controller. A properly designed and prepared register of data processing activities helps, for example, to draft an information clause addressed to data subjects.
Our Law Firm provides services concerning the GDPR, which include the verification of the correctness of personal data processing operations. Please contact us to request our services.