Data protection

We assist clients from all industries in identifying and developing the proper instruments to ensure that their operations comply with data protection requirements, with particular attention to the requirements of the EU’s General Data Protection Regulation.

We conduct legal audits of data processing documentation and procedures for compliance with GDPR requirements.

In cooperation with clients, we identify categories of data processed by clients, as well as the scope and aim of processing of data, in order to assess whether processing is conducted within legally permissible bounds. We also propose remedial measures when necessary.

We draft the full documentation for protection of personal data compliant with the GDPR, including IT policy, privacy policy, policy for exercising of data subjects’ rights, data processing agreements, clauses on consent to processing of data, information clauses and procedures for reacting to incidents.

During audits for verification of the compliance of clients’ operations with the GDPR, we cooperate with external firms specialising in cybersecurity and protection of digital data. This enables us to identify and minimise risks associated with breaches of data security.

In our practice we have represented clients in proceedings before the Polish data protection authority for registration of filing systems and data protection officers, and also during inspections and post-inspection proceedings.

We advise on the grounds under which a data controller can transfer personal data outside the European Economic Area. We assist in drafting binding corporate rules and obtaining approval of binding corporate rules by the supervisory authority.

We conduct training on data protection in compliance with the GDPR, in particular training on GDPR audit and implementation.