Ustawa o ochronie danych osobowych z 2018-05-10
National implementation of GDPR; UODO as supervisory authority.
Monitor Polski 4notify
Rzeczypospolitej Polskiej · Issued by the Republic
JAWNE · Urząd Ochrony Danych Osobowych (UODO)
Item
MP-PL-005
Date
2026-05-27
Effective
2026-01-01
Status
In force
GDPR, UODO and direct marketing — fines, soft opt-in and 72-hour data breach notification
The Personal Data Protection Office (UODO) enforces GDPR in Poland together with the Personal Data Protection Act 2018. For marketing communication, the Telecommunications Law art. 172 applies (opt-in requirement + soft opt-in for existing customers). PDGR (Polish General Registers Department) operates the Telemarketing Poland registry. 4notify integrates everything automatically.
EmailSMSWebhook
Preamble
Pursuant to the General Data Protection Regulation (EU 2016/679), the Personal Data Protection Act 2018 (Journal of Laws 2018 item 1000) and Telecommunications Law art. 172, the President of the Personal Data Protection Office issues the following Notice.
Cited statutes
Prawo telekomunikacyjne art. 172
Opt-in requirement for marketing, soft opt-in for existing customers with similar products.
RODO art. 33 (72h powiadomienie)
72-hour UODO breach notification; data subject notification at high risk.
Implementation
01
Lawful basis registration per delivery
Every envelope carries one of six GDPR bases; locked at template registration.
02
Soft opt-in qualification
For marketing to existing customers, soft opt-in (similar products + clear opt-out) verified at envelope; non-qualifying dispatches blocked.
03
Telemarketing Poland cross-check
PDGR Telemarketing Poland registry checked pre-send; registered numbers excluded.
04
72-hour breach notification
Every envelope incident generates webhook to DPO within 1 hour for 72-hour UODO notification.
Delivery envelope
json
{
"zdarzenie": "doreczenie.envelope_consent",
"administrator_id": "PL-CTRL-12345",
"podstawa_prawna": "soft_opt_in",
"soft_opt_in_dowod": {
"wczesniejsza_transakcja": "ZAM-2025-09-14-94821",
"podobne_produkty_match": true,
"opt_out_link_obecny": true
},
"telemarketing_polska_check": "zaliczony",
"doreczenie": { "kanal": "email", "szablon": "promo_swieta_v2" }
}Sample message
EmailSubject: Your marketing preferences have been updated
Dear Sir or Madam, your marketing consent has been withdrawn with immediate effect. You will no longer receive marketing messages, but transactional notifications (order confirmations, delivery alerts) will continue to be delivered. For other GDPR rights, including right to be forgotten, contact: [email protected].
Compliance checklist
- UODO controller registration current
- DPO configured
- Soft opt-in evidence per marketing dispatch stored
- 72h notification webhook reachable
What 4notify does differently
4notify is the only A2P provider with per-envelope soft opt-in evidence, live Telemarketing Poland mirror at API edge and 72-hour UODO notification via webhook.
FAQ
Does soft opt-in apply to SMS?
Yes — Telecommunications Law art. 172 covers SMS, MMS and OTT messengers.
What are UODO fines?
Up to EUR 20 million or 4% of global turnover (whichever higher) per GDPR art. 83.
By authority of
the Notify Ministry
2026-05-27 · MP-PL-005
Start free
14 days, no card. Polish + English support during working hours.
Other Notices
MP-PL-001 · Banking & Payments
PSD2 Strong Customer Authentication: delivery of one-time codes for BLIK, Elixir and Polish banks over Orange, Play, T-Mobile and Plus
MP-PL-002 · Telecommunications
UKE numbering plan, alphanumeric Sender ID and ban on CLI spoofing in SMS-A2P traffic to Poland
MP-PL-003 · Tax & Customs
KSeF National e-Invoicing System, structured e-invoice and 2026 mandate — implementation deadlines, receipt obligation and delivery to Polish SMEs
MP-PL-004 · Public Administration