Employers collect and process significant amounts of their employees’ personal data. Without proper data management, this can become a source of risk. Our data protection advisory services help ensure appropriate security measures are in place.

• Conduct comprehensive audits of data processing systems, identifying potential issues in the structures and scope of data, as well as processing workflows.
• Diagnose problems and issue recommendations for corrective actions to help clients avoid reputational losses, significant financial penalties, or legal proceedings.
• Implement and monitor tailored „therapies” (intensive or conservative, depending on the organisation’s state) to address areas needing improvement or enhancement in terms of data security.
• Train client personnel to improve their understanding of data protection principles, related risks, mitigation methods and incident responses, including data breaches.
• After the therapy, provide ongoing preventive measures, delivering regular updates on key areas.
• Offer active support during inspections by supervisory authorities or incidents involving data protection violations, ensuring the swift implementation of legal and organisational recommendations to prevent further losses. We file incident reports with supervisory authorities on behalf of clients.
• Assist clients in safely implementing AI-based solutions and compliant procedures for candidate and employee verification (background checks).
• Represent clients in administrative and court proceedings concerning data protection violations, often initiated by employees or former employees. We handle correspondence with supervisory authorities and appear before administrative courts.
• Draft necessary documentation and implement best practices for data protection during remote work.

Recent Projects:

• Represented a client in a case concerning the retention of recruitment data – the court agreed with our argumentation and rejected the supervisory authority’s interpretation requiring the deletion of recruitment process data.
• Advised on the use of background checks in Poland.
• Assisted a client in transferring employee data related to the transfer of part of their business operations.
• Assessed the GDPR compliance of AI systems used for workplace safety purposes.