+48 22 128 00 00



Compliance system that is well thought through and properly implemented can be is the benchmark for an effective enterprise. We provide our Clients with a professional support in the field of design, implementation and maintenance of the Compliance Management System. Depending on business needs, we offer dedicated tailor-made solutions as well as access to template documentation and standardized products. In all and any cases our products are verified to be consistent with the existing solutions in the Client’s organization.

Within the Compliance Practice we also provide our Clients with support with regard to whistleblowing schemes and proceedings, we conduct workshops and seminars and we advise on how to communicate with internal and external stakeholders. We also provide outsourcing services with regard to Compliance Officer or Deputy Compliance Officer.

Corporate law


GDPR Compliance


We offer full scope support in the area of GDPR compliance, including auditing, implementation of changes, day-to-day data management and assistance in legal and organizational aspects. Over 2016-2018 we helped over 100 clients spending over 35.000 hours on the projects. Our clients comprised the largest telecoms, banks, insurance companies, media groups, e-commerce business and energy/infrastructure companies. Our advised is used for both local companies or polish subsidiaries, as well as for pan-european projects managed by us from Polish Headquarters (including e-commerce automotive giant Inter Cars Group as well as Nowy Styl Group with their furniture business).

For our international clients as well as international privacy professionals we are regularly preparing a GDPR Poland newsletter, please see the archive: July-August 2018, September 2018, October 2018, November 2018

For international Clients we selected a dedicated set of GDPR related services:

GDPR Implementation & Audits

While the majority of companies left the implementation stages behind them, there are still several organizations with GDPR to be either implemented (in full or in part). For these projects we may either run the implementation process in full or apply “delta-approach” in the project run by some other project leader. Our experience allow us to run the audit in a fast and efficient way, adapting our approach to the business goals and Clients’ expectations.

Localization of the GDPR implementation

Although GDPR was meant to unify data protection law and practice Europe-wide the reality is that there are numerous, significant differences in this field, resulting from country-specific laws, local DPA's approach and case law. This situation poses a non-compliance risk to groups of companies which are often trying to implement GDPR uniformly in all group's undertakings, overlooking local specificity. It happens that solutions that are working in line with the law in one country must be more or less trimmed to fit the local specific requirements. Localization service that we offer includes assessment of the means of GDPR implementation from the Polish perspective and advising on solutions that are as close as possible to the group's standard and remain compliant with the Polish law. Having vast experience in the GDPR implementation projects in Poland, including Polish-based affiliates of international groups we are well equipped to deliver top quality, business-driven advice.

DPO Outsourcing / Deputy DPO

While it is a common practice among international groups of undertakings to appoint a group DPO, it is often difficult for such a DPO to ensure proper supervision over all issues which relate to the protection of personal data on a local level. The reason for that being is the separation of a DPO from domestic affairs and day-to-day data processing activities, specifics of the local law and practice and sometimes a language barrier. Having that in mind we offer both DPO Outsourcing or Deputy DPO Outsourcing service which includes support in executing DPO's duties in the group's undertaking established in Poland. Acting as a relay, we implement DPO's strategy locally by managing communication (both internally and with data subjects and DPA), training staff, reviewing data processing agreements, conducting DPIA, investigating data protection breaches and taking other actions as agreed upon.

Negotiations with business partners based in Poland

Negotiating agreements with foreign counterparts has always been challenging, even without the GDPR in place. Now, once the GDPR impose even more requirements on both controllers and processors and as this new law brings uncertainty as to how should it be applied in practice, strengthen by country-specific differences, the challenge is far bigger. We offer support for controllers and processors in negotiating data processing agreements with business partners located in Poland as well as in the process of executing such agreements, e.g. by way of conducting audits, responding to incidents, obtaining information, pursuing and executing contractual penalties).

GDPR Helpdesk Poland

Applying the GDPR in business practice in Poland requires considering country-specific laws and approach of the local DPA. Poland has numerous laws in the fields of HR, banking, insurance, telecommunications, e-commerce, and marketing, to name the most significant ones, that hugely affect the processing of personal data. We offer our support in ensuring compliance of the projects and activities which involve processing of personal data under the Polish law. In particular, we support privacy by design analysis, risk analysis, data breach assessment, drafting notification or consent clauses, by-laws, internal data protection policies and data processing agreements, and other activities as agreed upon.

Proceedings before the Polish courts and DPA

The major change in data privacy landscape that has been brought to us by the GDPR is enforcement. DPAs and data subjects are now well equipped with tools that can be effectively used against controllers and processors whose data protection practices are questionable. As a part of our litigation practice, we offer representation in all kinds of proceedings before the Polish courts and DPA starting from DPA's inspection (including preparation to the inspection) through all administrative and court instances in Poland up to the Court of Justice of the European Union.

Representative of controller or processor not established in EU

The GDPR requires that the controller or processor not established in the EU designate a representative in the Union in case it offers goods or services to the data subjects in the EU or tracks their behavior that takes place within the EU. As part of our offer for foreign controllers and processors, we are ready to act in the capacity of their designated representative in the EU.


Certifications and codes of conduct are convenient means of managing the GDPR compliance. Our offer includes support in obtaining and maintaining certification from an authorized entity or DPA in Poland.

Antimonopoly law

We advise Clients on all areas of antimonopoly law and rules governing the protection of consumers. What makes us stand out is our comprehensive approach to the antitrust and consumer rights matters, extremely rich experience gained over the years and a unique knowledge of many industries, particularly IT.

Having regard to the non-intuitive and not obvious regulations, we advise Clients on how to approach the regulations without breaching them.

In addition to classic advisory services on antimonopoly disputes and court proceedings, we strongly focus on the prevention and education. For our Clients, we carry out trainings on the competition and compliance law issues, antimonopoly audits, verify model contracts and operational procedures and carry out simulations of procedures in the event of an antimonopoly mock dawn raid.


ul. Wspólna 62
00-684 Warszawa
Ufficio Primo


+48 22 128 00 00

   +48 22 32 32 321