Data protection

Personal data protection, GDPR

Our approach

When advising on personal data protection and information security, we combine knowledge from multiple fields, recognizing risks and obligations from various legal perspectives.

For whom?

Personal data protection and information security are obligations for every entrepreneur. Therefore, our advisory services are directed at various business entities, including large listed companies and capital groups.

We treat personal data as part of a broader policy of confidentiality, trade secrets, and protection of the controller’s assets.
Ludmiła ŁuczakPartner, legal counsel

Benefits

We provide companies with full data protection support, ensuring information security and building trust in business relationships.

Experience and know-how

We have carried out dozens of GDPR implementations in listed companies, industry leaders, and international capital groups. We have been involved in data protection long before GDPR came into force, creating pioneering solutions that are now used by others.

Comprehensive data protection

Our personal data protection advisory covers not only expert knowledge from various areas of law but also practical support for Data Protection Officers (DPOs), performing the DPO function, and assistance with the technological aspects of data protection within the company.

Trusted advisors

Our support in personal data protection and information security has been repeatedly recognized by clients and international rankings such as The Legal 500.

Services

We provide comprehensive advisory services in personal data protection and GDPR – from audits to ongoing support and crisis management.

Data protection audits

We conduct comprehensive audits of data protection and GDPR compliance. In cooperation with top IT-security specialists, we verify not only legal compliance but also offer full support including IT safeguards.

Implementation of GDPR-compliant data protection systems

We implement data management and protection systems from scratch, including in capital groups, taking into account international data transfers.

Risk analysis / DPIA

We identify processing activities that require in-depth risk analysis – DPIA, especially those involving innovative technological and organizational solutions or automated decision-making.

Design and negotiation of key contracts

We support contracts related to data transfers, outsourcing of key IT services, NDAs, and standard data processing agreements. We advise on vendor selection and IT contract negotiations.

Crisis management

We assist in managing data protection incidents, communication with the President of the Personal Data Protection Office (UODO) and the President of the Office of Competition and Consumer Protection (UOKiK). We provide advisory services during inspections and help organize inspection simulations to prepare for such events.

DPO services

We offer ongoing support for Data Protection Officers, providing constant contact and assistance. We can also act as DPOs – including for international capital groups with multi-billion capitalization.

Profiling and loyalty programs

We assist in implementing user-tailored marketing through support in designing digital marketing and loyalty programs. We help negotiate contracts with operators of the largest marketing databases in Poland.

Practical workshops

We conduct personal data protection training that combines theoretical knowledge with practice. We provide concrete guidance and discuss case studies tailored to the client’s company and industry.

Completed projects

We help protect data, ensuring the security of client information from every angle.

We supported the implementation of a 3D biometric scanning system for one of the leading e-commerce companies in the CEE region

We advised throughout the process of implementing a solution based on advanced 3D biometric scanning technologies related to e-commerce services. Our personal data protection advisory included designing the service system – with particular attention to data processing activities – negotiating with technology partners, and preparing documentation aligned with business objectives.

Additionally, we carried out the final redesign of the service, making it more accessible to users and enabling further development. The project received numerous awards, including:

Imagine Excellence, Las Vegas 2018,
Effie Award: marketing and business solutions,
eCommerce Polska 2018: BEST IN, Best Innovation, Best on mobile,
PRCH Retail Award 2018,
Digital Excellence 2018.

Advising large capital groups on data processing

We provided comprehensive personal data protection advisory services for a group of over twenty affiliated companies. In this project, our advisory included several key steps. The main task was to conduct a data processing audit, including processing on the websites of individual companies engaged in e-commerce. Based on the audit results, we implemented and updated documentation and conducted training related to information and personal data protection. We also provided ongoing support in evaluating data processing activities.

Legal advisory for launching e-commerce platforms

We supported the launch of online sales platforms for VIP clients and company employees in terms of personal data protection. We provided comprehensive personal data protection support for two independently operating online platforms (sales programs for VIP clients and company employees). Our advisory included preparing all documentation required by data protection and consumer law, as well as developing a comprehensive reorganization model for both platforms. Additionally, we offered ongoing support in implementing the required documents and online communication with consumers.

team

TEAM