The purpose of this paper is to illustrate how the General Data Protection Regulation (GDPR), now implemented in the Polish legal system, strengthens protection in the collection, processing, storage and transfer of digitised personal data. This undoubtedly represents a step forward in the furtherdevelopment of the way sensitive data is handled while at the same time providing a better understanding of the functioning of the information society, both throughout the EU in general and in Poland specifi cally.