Commentary of the Polish Inspector General after the judgment in case C-362/14 (Safe Harbor program) In November, the Inspector General for the Protection of Personal Data in Poland issued an official announcement regarding the transfer of personal data after the judgment in the case Maximillian Schrems v. Data Protection Commissioner (C-362/14). This commentary is a part of an information campaign which is being carried out at national level by all members of the Article 29 Working Party. The Inspector General wrote that, taking into account the fact that The Court of Justice of the European Union did not decide to defer the effectiveness of the abovementioned judgment, the transfer of personal data based solely on the Safe Harbor program has been illegal since the issuance of that judgment. In accordance with this, the Inspector General will take action every time the Inspector General receives a complaint regarding the transfer of personal data to a third country based solely on the Safe Harbor program, even though such complaint will have been received before 1st February 2016. This date was provided in the announcement of 16th October 2015 of the Article 29 Working Party and, due to the Inspector General, shall be interpreted as the date by which the appropriate authorities of the Members States will not initiate by themselves any actions against data controllers in this regard. Thus, the Inspector General will control data controllers in this regard solely after the complaints of data subjects. It is worth noting that the transfer of personal data to Argentina, Switzerland, Canada, Australia, New Zealand, Israel, Jersey, Guernsey, the Isle of Man and the Faroe Islands will be the same as today. These countries shall be treated as ensuring an adequate level of data protection. The judgment has no effect on other legal bases for such transfer (e.g., the binding corporate rules). Moreover, in Poland the Inspector General is not entitled to directly impose administrative penalties for such breaches. However, in the case of infringement of personal data protection legislation, the Inspector General shall order the lawful situation to be re-established. If such decision is not executed by the data controller, then administrative fines up to the amount of approximately 50,000 Euro may be imposed. For more information, please contact Wiktor Krzymowski or Radosław Nożykowski.