No, sharing passwords in Poland is generally illegal under the Act on Combating Cybercrime (2018) and the GDPR, as it violates unauthorized access provisions and data protection obligations. The Polish Personal Data Protection Office (UODO) enforces strict penalties, including fines up to €10 million or 2% of global turnover for GDPR breaches. Recent 2026 amendments to the Cybersecurity Act further criminalize password-sharing practices deemed to compromise system integrity.
Key Regulations for Sharing Passwords in Poland
- Act on Combating Cybercrime (2018): Prohibits unauthorized access to computer systems, treating password-sharing as a potential violation under Article 287 of the Criminal Code, punishable by up to 3 years imprisonment.
- GDPR (Regulation 2016/679): Classifies shared passwords as a breach of data security, triggering mandatory notifications to UODO within 72 hours under Article 33, with fines reaching 4% of annual revenue.
- Cybersecurity Act (2026 amendments): Expands liability to include negligent password-sharing that risks critical infrastructure, imposing administrative fines up to PLN 50 million (≈€11 million) for non-compliance.
Employers and employees must implement multi-factor authentication (MFA) and documented access policies to mitigate legal exposure. UODO’s 2025 guidance explicitly warns against “convenience sharing,” emphasizing that even internal password exchanges may constitute unauthorized access. Third-party service providers handling Polish user data face heightened scrutiny under the amended regulations.