Personal data protection law

  • Why choose us?

    We provide

    • a comprehensive approach to data protection,
    • extensive experience – implementation of the GDPR in more than 100 different entities,
    • professional support in proceedings before the President of the Personal Data Protection Office and in judicial and administrative proceedings,
    • constant control over the timeliness of the proposed solutions,
    • the possibility of obtaining rapid emergency consultation and support during an inspection
  • Cooperation benefits

    Expert support means that a Client can significantly reduce or even completely eliminate the risk of violating personal data processing rules. With the help of our experts, your organization can quickly identify areas which require additional attention. It will also take measures based on informed decisions, knowing that every effort is made to ensure that personal data are secure and processed in accordance with the law.

    Our team ensures the highest quality of service. Our knowledge and skills have been repeatedly recognized in prestigious legal rankings. In 2020, we were mentioned with distinction in The Legal 500 in the category Data Privacy and Data Protection. Xawery Konarski, attorney at law, earned an individual distinction in the 2020 Chambers Europe ranking on the protection of personal data.

    With the support of experts, every company can be confident that it processes personal data in an entirely legal manner.

    There is no point in risking severe fines, which – as practice has shown – are actually imposed.

  • What we do
    • We carry out compliance audits and internal training,
    • We prepare the full documentation, including the privacy policy, data protection policy, security policy, instructions, and internal regulations of an organization,
    • We assist with devising management processes and advise on innovative projects, including cloud computing, big data, data anonymization or the use of biometric data,
    • We draft agreements on the protection of personal data and databases, including agreements on data processing, data sharing, data transfer, intra-corporate contracts, brokerage contracts, etc.,
    • We play a role in the fulfillment of specific data protection obligations, such as managing data breaches or conducting balancing tests,    
    • We advise on the implementation of data protection and privacy with regard to the provision of services by electronic means,
    • We develop a strategy for the cross-border transfer of personal data and binding corporate rules and data transfer agreements, and provide support in obtaining relevant authorizations from the supervisory authority.
  • About this practice area

    Personal data protection has been our forte for years. With the entry into force of the General Data Protection Regulation (GDPR), the legal issues relating to data protection have gained paramount importance. The GDPR has entirely changed the approach to personal data protection, making entrepreneurs and public entities take specific, extensive measures. The requirements increase with the spread of new technologies that use personal data. Activities in this area must be adapted to comply with personal data protection laws.

    We provide a wide range of services related to the implementation and application of the GDPR. We treat personal data as one of the essential assets of an enterprise or information resources of a public entity, requiring protection which invariably depends on the specifics of a particular organization. Our approach brings tangible results to our Clients. We have successfully implemented the GDPR in more than 100 organizations. We have also acted in many proceedings before the President of the Polish Personal Data Protection Office (UODO, formerly the Inspector General for Personal Data Protection) and in judicial and administrative proceedings.     

    Personal data protection measures are required of any entity, whether they run a business activity or perform public tasks. The sector and the size of entity do not matter in this respect. Entrepreneurs and public entities that do not take care to process personal data lawfully may be held liable and run the risk of severe damage to their reputation.