Katarzyna Syska



Katarzyna Syska specializes in personal data protection law and in a broad range of new technologies law issues. She advises companies in various sectors, especially e-commerce, IT, insurance, banking, and the medical sector. Before joining the Law Firm, Katarzyna worked at another law firm, where she handled data protection, e-commerce, and intellectual property cases. She spent almost two years working in Brussels, where she dealt with European policy concerning data protection law, ICT regulation and intellectual property. She was an intern at the European Commission, at the Directorate-General Justice.

Katarzyna is a member of the International Association of Privacy Professionals and SABI – the Association of Data Protection Officers.

She is an author of many articles concerning privacy and data protection law, including the Guide on the GDPR for lawyers. She speaks at conferences and training in Poland and elsewhere.

She is a graduate of the Faculty of Law and Administration at the University of Warsaw, and spent a year at the Faculty of Law at the Robert Schuman University in Strasbourg, France. She also holds a certificate in American Law Studies awarded jointly by the University of Warsaw and Florida University. She completed postgraduate studies in ICT and media law (magna cum laude) at the Catholic University of Leuven, Belgium.

She is fluent in English and speaks French.

Related news

Blog 4
28 Oct 2022

The Polish DPA fines a controller for not verifying a processor and for not concluding a data processing agreement

In September, the Polish DPA issued a decision fining a controller (a cultural institution) PLN 2500 for engaging a processor without concluding a data processing agreement in writing and without verifying whether the processor provided sufficient guarantees for the implementation of appropriate technical measures.

01 Jun 2022

The Polish DPA fines both the controller and the processor for the first time

In January 2022, the Polish DPA issued a decision in which it imposed an administrative fine on both a controller (Fortum Marketing and Sales SA) and a processor (Pika sp. z o.o.). The controller was fined over PLN 4,900,000 (around EUR 1,050,000) – the highest fine imposed by the Polish DPA yet – and the processor was fined over PLN 250,000 (around EUR 53,000). This decision is important for both controllers and processors.

05 Nov 2021

Legal uncertainty over collection of information on vaccination against COVID-19 by employers

Although a significant number of SARS-CoV-2 infections occur in the workplace, there are still no regulations in Poland allowing employers to collect information on their employees’ vaccine status. This creates legal uncertainty for employers.

08 Jun 2021

Court ruling confirms that an inspection by the DPA cannot be questioned or impeded

The court ruling confirms that the inspected entity cannot question the reasons for the inspection of the DPA or its scope.

Meet our team