Privacy and data protection is our core specialty. We are responsible for the largest GDPR implementations in Poland, we have written best-selling publications on the subject, we support clients in crisis situations (data breaches and related proceedings), and we actively share our knowledge at conferences of the Polish Personal Data Protection Office and other industry events.
What we offer
- Implementation and audits of GDPR, including preparation of external documentation (privacy policies, information clauses) and internal documentation (registers, policies, procedures)
- Support and representation in proceedings before the Data Protection Authority, during Authority inspections, and representation of clients before administrative and general courts
- Providing opinions on complex issues related to personal data protection, including implementation of new processes and solutions, and personal data transfers (DPIA, LIA, TIA)
- Support and crisis management in data breaches and other data protection violations
- Ongoing legal services in personal data protection, including acting as Data Protection Officer (DPO), responding to complaints and requests to exercise GDPR rights
- Reconciling data protection with other areas such us EU AI Act and industry regulations
- Weaponizing data protection and GDPR in conflicts
Selected experience
- Largest GDPR implementations in Poland in energy, banking, and telecommunications sectors; hundreds of GDPR-related opinions, ranging from legal bases for data processing by employers in employee vaccination programs to personal data processing in KYC processes and anti-fraud monitoring of customer transactions in financial markets.
- Consulting on critical data protection breaches in healthcare, BPO, HR, and other sectors
- Representation during Data Protection Authority inspections and in proceedings triggered by personal data protection breaches
- Serving as Data Protection Officer (DPO) for a postal operator and a group of railway infrastructure companies
- Ongoing advisory services for the financial, insurance, energy, manufacturing and infrastructure, telecommunications, and postal operator sectors
- Evaluation of leading global cloud-based video conferencing and email services commissioned by the Polish Bar of Attorneys-at-law published as part of "The Handbook of Electronic Communication Security in Attorney-at-law's Work" Parts I and II
- Contribution to the development of three personal data protection IT systems (Actuality.pl, Lex Ochrona Danych Osobowych, Good Data Protection Standard)
- Over a hundred training sessions on data protection and cybersecurity for Polish and international audiences.
Reputation
- Polish Personal Data Protection Authority Award 2021
- Our "Guide to the GDPR" ("RODO. Przewodnik ze wzorami") is the most widely read book on the GDPR with more than 15 thousand copies sold in 2018 and 2019, holding a position of No 1 legal bestseller 2018 and 2019, recommended by the Polish Data Protection Authority PUODO, our publications and presentations are available, among others, on the PUODO website.
- Advising the European Commission and the Article 29 Working Party (the predecessor to the European Data Protection Board) on the development of cloud computing contract standards and data transfer rules outside the EU, consequently contributing to Articles 20, 28.9 and 82.1 of the GDPR.
- ISO 27001 certified lead auditors.
- We regularly speak at conferences and other industry events, including events organized by PUODO, What the H@ck, The H@ck Summit, CSO Council, Wolters Kluwer Poland and our own initiatives; we lecture data protection at postgraduate programs, on the recommendation of the Polish Bar of Attorneys-at-law we lecture data protection to EU lawyers (TRADATA program).
