Technology
Personal data protection
We support clients in analysing the compliance of IT solutions with the GDPR and sectoral regulations, preparing appropriate legal documentation. We represent entrepreneurs in their dealings with supervisory authorities. We also help to minimise the risk of financial liability and respond appropriately to security incidents.
Compliance with the GDPR and industry regulations
We support our clients in assessing the compliance of their IT solutions with personal data protection regulations – both the GDPR and sectoral regulations (e.g. financial, medical, telecommunications).
Comprehensive data protection documentation
We prepare and update legal documentation – data processing agreements, information clauses, security policies, activity logs and other documents required by law.
Consulting on system and application design
We work with IT and product teams to design IT systems – from a legal perspective, we help ensure compliance with the principles of privacy by design and privacy by default.
Representation before the UODO and sectoral authorities
We represent businesses in explanatory, control and administrative proceedings before supervisory authorities – both in cases concerning violations and planned activities.
Support in crisis situations
We assist in responding to security incidents (data breaches) – we provide support in analysing obligations, preparing notifications and communications, and liaising with regulators and data subjects.
Minimising financial and reputational risk
We advise on how to reduce the risk of financial penalties and reputational damage by supporting clients in implementing effective preventive measures and internal processes.
GDPR analysis and documentation
We have extensive experience in conducting needs and data processing analyses and developing comprehensive documentation necessary for the processing of personal data by entities from various industries, with particular emphasis on technology companies. We have developed numerous policies related to personal data protection, dedicated consents and documents enabling the fulfilment of information obligations.
Our successes
2019 - 2025 Legal 500
Leading Firm 2019 - 2025 by EMEA Legal 500 Technology Media Telecom (TMT) & Dispute Resolution
Experience
GDPR analysis and documentation
We have extensive experience in conducting needs and data processing analyses and developing comprehensive documentation necessary for the processing of personal data by entities from various industries, with particular emphasis on technology companies. We have developed numerous policies related to personal data protection, dedicated consents and documents enabling the fulfilment of information obligations.
We have developed comprehensive documentation related to the protection of patients’ data – including minors – for a private medical facility dealing with mental health and psychiatric care. We have also developed common rules for the processing of personal data by the capital fund’s subsidiaries in connection with the implementation of obligations under whistleblower protection regulations and the implementation of a uniform platform for whistleblowers’ reporting.
Experience in responding to incidents, inspections and proceedings by the Personal Data Protection Office (UODO)
- We advised employers in cases where the President of the Personal Data Protection Office (UODO) conducted inspections, both planned and unannounced. We helped prepare organisations for inspections, respond to UODO requests and implement corrective measures.
- We participated in the assessment of incidents related to the risk of personal data disclosure by an IT company. We assessed the need to submit a notification to the UODO
- We prepared responses to inquiries from the UODO and individuals whose personal data was processed by a company conducting statistical research on very large groups of respondents, based on the PESEL database
- We negotiated personal data processing agreements for companies in the IT and energy industries and for a retail chain, including agreements related to the mutual disclosure of employee data.
- We prepared comprehensive documentation for a gaming company regarding the outsourcing of data processing to an entity outside the EEA.
- We supported a foreign entity outside the EEA in the process of acquiring employees of a Polish company and the lawful transfer of their data abroad as part of the transaction
Experts
