Protection of information and personal data

Details

We provide legal consulting in data protection and information security, including the protection of data processed in IT systems, medical data, data covered by telecommunications and banking secrecy, or measurement data processed in so-called smart grids.

We have extensive experience advising on issues related to information security, personal data processing, and the security of business processes managed through IT systems (cybersecurity), in both small and large organizations.

Our services aim to ensure that the policies, procedures, and documentation applied comply with information and data protection regulations, including the General Data Protection Regulation (GDPR), as well as IT system security (cybersecurity) requirements under the Act on the National Cybersecurity System. This includes ongoing updates to maintain compliance with these regulations concerning the client’s current and planned business activities.

The primary goal of our work is to mitigate and continuously monitor regulatory risks related to potential breaches of EU regulations, national regulations, supervisory practices (including the President of the Personal Data Protection Office), recommendations from regulatory authoritites (e.g., KNF), or other regulatory bodies, internal (corporate) regulations within holdings or corporate groups, and industry-specific best practices and codes of conduct (e.g., IAB recommendations).

We also pay close attention to the current practice of applying personal data regulations in individual cases (decisions, judgments) and continuously analyze statements from advisory bodies such as the European Data Protection Board, the Data Protection Working Group at the Ministry of Digital Affairs, and the European Union Agency for Cybersecurity (ENISA).

When providing our services, we first focus on understanding the scope and business purpose of planned or ongoing projects, then on identifying risks and finding solutions to mitigate or eliminate those risks.

In specific cases, we can propose alternative solutions that reduce regulatory risks and their impact on the client’s business while ensuring that the key business objectives of the project are met. We do not use a one-size-fits-all approach. The approach and level of support are tailored to the specific needs and characteristics of each client.

We are also experienced in creating and reviewing data and proprietary information management models (including internet solutions and cloud computing), considering sector-specific requirements such as those for banking, insurance, and telecommunications (outsourcing).
We advise on the creation or assessment of existing business models for data flows within companies, including innovative IT projects, online advertising (advertising technology), e-administration projects, and within corporate groups and shared service centers (both private and public sectors).

In collaboration with subject matter experts, we also assist in designing and verifying data security measures (e.g., based on CERT, OWASP, and relevant ISO/IEC recommendations).

We review our clients’ documentation, policies, and practices, including business continuity solutions provided by IT systems, such as Business Continuity (BCM). We conduct regulatory compliance audits of data processing (including personal data), as well as audits of IT security procedures, business continuity plans (BCP), and disaster recovery.

We have experience in preparing documentation related to the collection, processing, and sharing of data and legally protected information, including legally required documentation for personal data processing (e.g., information clauses, consent clauses, regulations), data processing agreements, non-disclosure agreements (NDAs), and know-how agreements.

We also assist clients in preparing for and defending their interests in regulatory audits by supervisory authorities, including the President of the Personal Data Protection Office. Additionally, we provide representation in data protection and information security litigation.
We organize and conduct training in our areas of specialization, including tailor-made workshops. The format of the workshops is customized to meet the expectations of the client and the needs of participants. Our workshops are designed to impart practical knowledge and skills in an accessible manner, with a strong emphasis on interactive and client-specific content.

How we can help

  • GDPR audit
  • GDPR implementation
Should you have any questions, please do not hesitate to reach out to us.

Other specializations