Abstract

The institution of transfer of personal data for processing involves processing of personal data by a processor on behalf of the administrator. The transfer involves many legal obligations (inter alia, contractual obligations, public law obligations, obligations connected with personal data safeguards) which should be met by the administrator and the processor. This article discusses issues connected with contracts for transfer of personal data for processing which arise from the Polish Personal Data Protection Act, Directive 95/46 and the General Data Protection Regulation. The Regulation 2016/679 significantly expanded, as compared with Directive 95/46 and the Polish Personal Data Protection Act, contractual obligations and rights imposed and granted to both the administrator and the data processor. The obligations and rights have been outlined and discussed in this article together with suggestions as to how to adapt the Polish Personal Data Protection Act to the Regulation 2016/79.