Personal data protection

Current market trends and legislative projects demonstrate how important it is for innovative businesses to address privacy and personal data protection issues as early as during the development of a given project, in line with the concept of privacy by design. Our project teams assist clients in developing privacy-friendly mechanisms, procedures and documentation. We also advise on the identification and management of personal data processing.

The GDPR is directly applicable, i.e. applies directly to all undertakings processing personal data in the EU.

IMPORTANT: It is the responsibility of the undertaking to demonstrate compliance with the GDPR.

High fines, which can reach up to EUR 20 million or 4% of the total annual worldwide turnover of an undertaking, make personal data protection compliance vital for your company.

How can we help you?


  • Prepare and conduct a data protection audit.
  • Advise on the development and implementation of personal data security standards.
  • Prepare personal data processing documentation.
  • Conduct relevant risk analyses or data protection impact assessments where required by law.
  • Provide comprehensive advice on transactions involving access to personal data.
  • Provide full support in projects involving the transfer of personal data to third countries (in particular with regard to cloud computing and other IT solutions).
  • Advise you in the event of a personal data breach; if necessary, and should you decide to do so, we will report the breach to PUODO (President of the Personal Data Protection Office) on your behalf.
  • Prepare and train a person within your organisation to act as Data Protection Officer or coordinator, or will take on this role ourselves if you so decide.
  • Provide training on data protection for your staff and associates.
  • Audit processors who process personal data controlled by your company.
  • Represent you in proceedings before the PUODO and other administrative and court proceedings concerning personal data.

Selected experience

Financial sector company

Carrying out a post-implementation audit together with recommendations regarding the exercise of the rights of data subjects.

Real estate developer

Full implementation of the GDPR requirements in the Company, preparation of internal documentation, conducting employee training. Acting as Data Protection Officer, providing comprehensive advice on personal data protection.

Real estate developer

Post-implementation audit of GDPR requirements in the Company, preparation of internal documentation, acting as Data Protection Officer. Providing comprehensive advice on personal data protection.


Performing a comprehensive post-implementation intragroup audit of the Company (Polish national airline).

Swedish distributor of dietary supplements

Legal advice to a Swedish distributor of dietary supplements on Internet sales activities. Legal assistance on personal data protection.

Manufacturer and seller of jewellery

Carrying out a GDPR post-implementation review, advice on the identification and recording of personal data processing. Ongoing and comprehensive support in the processing of personal data.

Architectural and engineering services company

Advice in the course of implementation of GDPR requirements; ongoing legal advice on personal data protection in the context of the Company’s cross-border operations.

Leading airport

Providing advice on personal data processing in specific cases as requested by the Client. Preparing specialist legal opinions.

Financial broker

Providing advice on personal data protection and electronic services, carrying on business activity on the Internet, including regulations and privacy policies.

A Japanese architectural, civil engineering and general contracting group company

Conducting a full audit of the compliance of personal data processing with GDPR requirements, and providing recommendations. Providing comprehensive and ongoing advice on personal data protection.

Fertiliser manufacturer

Assisting the client in the integration and obtaining of personal data from distributors. Conducting an analysis of risks and appropriate legal grounds for processing. Preparing full documentation.

Gaming industry manufacturer

Ongoing and comprehensive advice on personal data processing.

Manufacturer of continuous flow water heaters and filtering systems

Ongoing and comprehensive advice on personal data processing.

IT company

Ongoing and comprehensive advice on personal data processing.

Leading Polish company of the lighting industry

Providing support in streamlining the GDPR procedures and selecting mechanisms of personal data processing and protection appropriate for the Company’s operations.

GDPR news

CJEU judgment on data transfer to the USA

On 16 July the Court of Justice of the European Union announced its judgment in Case C-311/18 (Data Protection Commissioner/Maximilian Schrems and Facebook Ireland)   What did the Court decide? The Court of Justice invalidated Commission Decision 2016/1250 on the...

Return to a new “normality” at work

Due to the SARC-CoV-2 pandemic, measures to prevent the spread of the disease have been implemented in Poland. Regardless of whether the hazard takes a chronic form or whether it is possible to quickly eliminate the pathogen from public spaces, the time to return to...