Abstract

The article presents key issues associated with the application of the GDPR in the public sector and indicates those areas in which the implementation of the regulation arouses specific interpretational problems. The analysis is preceded by an attempt to determine how effectiveness of regulation should be understood and a statement that the effectiveness of the GDPR in the public sector is problematic with a view to the fact that the Regulation does not take into account the specificity of public authorities and public organisational units, thus petrifying the state of uncertainty which occurred also under the previously applicable personal data protection regulations. In particular, the following issues have been presented: the problem with unequivocal identification of a controller, the issue of personal data processing by the processor and the legal ground for the relationship of assigning the processing, problems with determining the premises for admissibility of personal data processing, uncertainty as to the scope of necessary technical and organisational resources the application of which is the duty of the public controller, as well as the reflection on the need to appoint a data protection officer in every public entity. The author also postulates to return to the concept of so-called free data, i.e. such information about individuals holding public offices or public figures which may be freely processed in a manner not subject to the GDPR.