Dominika Nowak-Byrtek

Attorney-at-lawManaging Associate

Bio

Her fields of specialization include personal data protection law and a broad range of new technologies law issues. She has experience in advising Polish and international Clients, primarily on matters concerning personal data protection law, including on the implementation of the General Data Protection Regulation (GDPR): preparing personal data processing documentation, audits, and drafting legal opinions for entities operating in the Internet, Medical, Telecommunications, and other industries, as well as on matters concerning a broad range of new technologies law issues, administrative law, and access to public information. She advises and represents Clients in proceedings before the President of the Personal Data Protection Office (UODO) and before administrative courts.

Dominika Nowak is the author of publications concerning personal data protection law, including articles in the Ochrona Danych Osobowych quarterly published by the Wiedza I Praktyka publishing house.

She is a graduate of the Faculty of Law and Administration at the Jagiellonian University in Kraków (2013). She was awarded an Erasmus scholarship at the University of Tilburg (the Netherlands). In addition, she has studied at the School of American Law operated by the Catholic University of America, Columbus Law School in Washington, DC, and the Jagiellonian University.

She is fluent in English.


Related news

Blog 7
14 Mar 2024

Sector audit plan: How to prepare for the audit carried out by the President of the PPDPO?

The President of the Polish Personal Data Protection Office has published the annual sector audit plan for 2024. Entities processing personal data using Internet (web) applications and private entities in the extent of fulfilling information obligations under Articles 13-14 of the GDPR should be prepared for the audit.

12 Sep 2023

The European Commission has issued a decision on the adequate level of protection under the EU-US Data Privacy Framework

The Commission’s decision of 10 July, 2023, on the adequate level of protection of personal data under the EU-US Data Privacy Framework restores legal certainty for businesses that transfer personal data to US-based entities in the course of their activity.

21 Dec 2022

Privacy issues in new rules on remote work and sobriety checks

New rules on remote work and sobriety checks at the workplace will soon be adopted. Employers will be required to adopt internal regulations on remote work and a procedure for the protection of personal data when work is performed  remotely. As for sobriety checks, employers will need to add sobriety check rules to work regulations and will be allowed to collect limited employee data in this respect.

28 Oct 2022

The Polish DPA fines a controller for not verifying a processor and for not concluding a data processing agreement

In September, the Polish DPA issued a decision fining a controller (a cultural institution) PLN 2500 for engaging a processor without concluding a data processing agreement in writing and without verifying whether the processor provided sufficient guarantees for the implementation of appropriate technical measures.

01 Jun 2022

The Polish DPA fines both the controller and the processor for the first time

In January 2022, the Polish DPA issued a decision in which it imposed an administrative fine on both a controller (Fortum Marketing and Sales SA) and a processor (Pika sp. z o.o.). The controller was fined over PLN 4,900,000 (around EUR 1,050,000) – the highest fine imposed by the Polish DPA yet – and the processor was fined over PLN 250,000 (around EUR 53,000). This decision is important for both controllers and processors.

29 Apr 2022

Data controllers have to verify processors under GDPR – some remarks on Fortum case

In a decision of 19 January 2022, the President of the PDPO placed an administrative fine of PLN 4 911 732 on Fortum Marketing and Sales Polska SA as a controller, and PLN 250 135 on PIKA sp. z o.o. as a processor. In this case, the President of the PDPO imposed the highest fine yet imposed on a controller. This is an important decision both for users of outsourcing services and service providers.

04 Apr 2022

Sectoral inspections planned by the President of the Personal Data Protection Office in 2022

Banks and entities providing mobile applications should prepare for possible inspections by the Personal Data Protection Office (DPA). We present the scope of potential inspections and tips on how to prepare below.

Meet our team