Abstract

Regulation 2016/679 redefines the territorial scope for the application of personal data protection provisions. First of all, in an attempt to provide better protection in the digital world the principle of territoriality, present already in Directive 95/46/EC and in the Polish statute, has been supplemented with the criterion of aiming. At the same time, the Polish translation of the term “establishment”, which is of key importance for appropriate interpretation of that scope, was changed to “organizational entity”, which is well grounded in the Polish legal system. The article analyses the above issues and positively evaluates the changes; it also stresses that the notion of an “organizational entity” in the Regulation 2016/679 should be considered as autonomous for EU personal data protection law.