The GP Partners team has unique experience in the legal aspects of cybersecurity. Drawing on 60 years of collective experience in IT, data protection, outsourcing, cloud computing, and cybersecurity projects, we combine knowledge of regulations applicable to cybersecurity with substantive issues of information security and business continuity. Our attorneys have knowledge that goes beyond regulations, evidenced by industry-standard certifications (CAW ISO 27001, IAPP's CIPP/E). We are authors of recognized publications addressing information security issues.
What we offer
- Implementations and audits of regulations related to cybersecurity. Currently we focus primarily on NIS2 and DORA.
- Consulting (including crisis management) in handling cybersecurity incidents such as investigations, action plans, managing relations with clients, contractors and regulators, managing prospective litigation and administrative proceedings.
- Support in proceedings before regulators, litigation and public procurement proceedings related to cybersecurity.
- Providing opinions on issues at the intersection of law and technology related to cybersecurity.
Selected experience
- Two compliance audits (and subsequent system implementations) under the Polish Cyber Security System Act (NIS1), including for the largest bank in Poland, including ISO 27001 and ISO 22301.
- DORA opening audits in banks and payment institutions, adaptation of model contracts of the supplier of key systems for the banking sector to DORA requirements.
- Audit of "Polish API" for compliance with PSD2 and RTS requirements.
- Consulting on public procurement – cyber security criteria and conditions.
- Support of hundreds of cloud service deployments – regulatory and operational security assessment.
- Counseling on over 50 cyber security incidents, including those known to the media. Comprehensive support, from internal investigations, identification and qualification of the incident, through contacts and training with affected entities and individuals, to proceedings before regulators and litigation. We know how to counteract the negative consequences and limit the impact of such incidents.
- Hundreds of other implementation and consulting projects in the area of cybersecurity regulation, including GDPR, PSD2, KNF Recommendation D, KNF Guidelines on Cloud Computing and others.
Reputation
- "Guide to the GDPR", "Cloud Computing in the Banking Sector. Regulations and Standards", "Handbook of Security in Electronic Communication of an Attorney-at-law Part I and Part II" are recognized publications authored by us, addressing IT and cybersecurity aspects.
- We regularly speak at conferences and other industry events, including those organized by the Personal Data Protection Office, What the Hack, The H@ck Summit, CSO Council, Wolters Kluwer Poland, as well as our own initiatives.
- We conduct training for both the private and public sectors.
- We possess: CIPP/E-IAPP certification, ISO 27001 lead auditor certification, the M. Serzycki PUODO Award, and PUODO references.

