Personal data protection

We are a trusted partner of entrepreneurs who process personal data as part of their business. Our experts help companies meet the challenges of GDPR and the European Digital Decade. We have extensive experience of working in many sectors, including finance and IT.

Related topics Law

Leadership

Justyna Wilczynska-Baraniak

Justyna Wilczynska-Baraniak

EY Polska, EY Law, Intellectual Property, Technologies and Personal Data, Partner, Attorney-at-law

Alicja Guzy

Alicja Guzy

EY Poland, EY Law, Associate

The General Data Protection Regulation (GDPR) sets the standard for regulation personal data protection across the Globe. 

In Europe, each entity that is either registered in the European Union or targets and monitors Europeans is obliged to comply with the GDPR. The main principles of data processing under the GDPR are: lawfulness, fairness and transparency, purpose limitation, data minimization, storage limitation, integrity and confidentiality. GDPR is technology neutral and applies a risk-based approach. Therefore, its application is not an easy task and requires both good knowledge of the law and technology as well as experience and open-mindedness. 

Additionally, data processing (both of personal and non-personal data) is now regulated by the acts of the European Digital Decade: Data Act and Data Governance Act. These acts impose obligations relating to openness of data and fair rules of cloud computing and access to IoT data, but they also present many opportunities when it comes to development of new technologies and tools based on the vast amounts of data collected and processed in Europe. 

EY Law team helps Clients find their way in this complex environment. Our advice is not limited to stating that "measures must be adequate" - we say exactly what that means.

Need support with GDPR? Sign up for a free call with our expert.

Contact us

Menu of our services:

  • GDPR implementation

    Do you have an exciting idea for a start-up? Do you plan to scale up your local shop and open e-commerce? Or maybe you wish to expand your existing business to European Union region and offer goods to Europeans?

    Our team offers comprehensive sets of basic implementation of GDPR for entrepreneurs to ensure compliance with local privacy laws. For existing businesses we offer a thorough check of all global GDPR procedures of the company as well as implementations of the existing group procedures in local subsidiaries. These usually include:

    • Personal Data Protection Policy;
    • Data Subject’s Rights Handling Procedure;
    • Data Breach Handling Procedure;
    • Privacy by Design and by Default Procedure;
    • Data Protection Impact Assessment (DPIA);
    • Transfer Impact Assessment (TIA);
    • Third Party Management Procedure;
    • Procedure in case of Supervisory Authority Inspection;
    • Templates of documents such as privacy policy, consent clauses;
    • Registers – data processing register and register of categories of data processing.

    Our strength is the joint forces of different specialists. EY Law experts work closely with EY Cybersecurity Consulting experts to ensure that you will specifically know what it means that the security measures you need to apply must be “accurate” and “effective”. We understand technology and are able to audit it.

    EY Law together with EY Cybersecurity Consulting provide comprehensive support in such complex assessments as:

    • Data protection impact assessment – that is a compulsory check for all new operations of processing that apply new technologies and incur significant risk; the teams can identify the risk factors and their magnitude, check all security measures applied to mitigate those and propose additional measures in several iterations to ensure proper level of security
    • Transfer impact assessment – a compulsory task in all cases where personal data are transferred outside of the European Economic Area and countries recognized by the Commission as having a level of data protection that is substantially equal to that in the EU; we conduct all the necessary steps, from legal discovery of the recipient country to risk assessments and security measures adjustment.

    Additionally we provide implementation of country-specific provisions, if needed, and first GDPR training to employees. We join forces with other EY Law offices across the globe to provide you with multinational advice, if needed.

    For newly established companies our Data Protection Team offers the following services:

    • Data Protection Assessment and Strategy – we conduct an initial assessment of the company's data processing activities and provide a customized data protection strategy that aligns with the business goals and compliance requirements.
    • Transparency compliance – we draft clear and comprehensive privacy policies and notices that inform customers, users, employees, contractors and all other data subjects involved about how their data will be collected, processed, and protected.
    • Data Protection Compliance Roadmap – we develop a step-by-step roadmap outlining the specific actions and milestones the company needs to achieve to ensure GDPR or other relevant data protection law compliance. We draft the required documents and assist in GDPR implementation every step of the way
    • Consent Mechanisms and Forms – we assist in designing and implementing proper consent mechanisms and forms for data collection and processing activities, ensuring compliance with consent requirements. We also help properly and effectively transferring, merging and cross-using databases to enhance cross and up-selling.
    • Employee Training and Awareness – we provide customized training programs to educate employees about data protection principles, their responsibilities, and best practices.
    • Data Mapping and Inventory – we help the company map out its data flows and create an inventory of the personal data it processes, ensuring transparency and facilitating compliance – we provide complex support in filling-in, updating and maintenance of registers of data processing activities and categories of data processing activities.

    Third party management – we provide complex and effective procedures of third party access risk assessment, risk management and checks. We provide specific catalogues of technical and legal security measures that are aimed at effective management of vendors, suppliers and cooperators. 

  • GDPR audits

    Wondering how efficient your organization’s privacy policies are few years after GDPR implementation? Your company is growing rapidly and you are worried about compliance with privacy laws?

    Our Data Protection Team offers a comprehensive range of services related to GDPR audits for companies. These services are designed to assist businesses in ensuring their compliance with data protection laws and regulations. Here are some services that we provide within our GDPR audit:

    • GDPR Compliance Assessment. We provide a detailed evaluation of company's current data protection practices and policies to identify areas of non-compliance with GDPR requirements. We apply both test of one and EY sampling methodologies to test operational effectiveness of the compliance mechanisms. We also carefully test design of the compliance measures.
    • Data Mapping and Inventory. We assist companies in mapping out the flow of personal data within their organization, identifying data processing activities, and creating a comprehensive data inventory.
    • Privacy Policy and Notices Review. We review and update the company's privacy policies and notices to ensure they accurately reflect GDPR requirements and provide clear information to data subjects.
    • Consent Management. We help design and implement consent mechanisms for data processing, ensuring that valid consent is obtained from data subjects and documented appropriately.
    • Data Processing Agreements. We draft and review data processing agreements (DPAs) between companies and their third-party service providers to ensure proper data protection clauses are included.
    • Employee Training. We provide GDPR training programs for employees to raise awareness about data protection obligations, privacy best practices, and incident reporting procedures.
    • Data Protection Impact Assessments (DPIAs). We assist in conducting DPIAs for high-risk data processing activities, ensuring that potential privacy risks are identified and mitigated.
    • Vendor and Third-Party Audits. We conduct audits of vendors and third-party partners to ensure they are also compliant with GDPR requirements when processing personal data on behalf of the company.
    • Incident Response Planning. We develop and review incident response plans to ensure a company is prepared to respond effectively to data breaches and security incidents as required by GDPR.
    • Data Subject Rights Management. We test the design and effectiveness of measures applied to handle data subject rights requests, such as access, rectification, erasure, and data portability.
    • Records of Processing Activities. We check how companies maintain records of their data processing activities as mandated by GDPR.
    • Security and Technical Measures. We audit and provide guidance on implementing appropriate security measures and technical safeguards to protect personal data.

    Our services include gap analysis, preparation of reports and recommendations. We provide comprehensive summary of our findings, explain their magnitude and meaning and provide simple and concrete advise on how to mitigate identified risks and close the gaps. 

  • DPO support

    Wondering whether your organization should appoint a Data Protection Officer (DPO)? Planning to open a new company in the European Union or to start offering a new type of services for your customers? Want to confirm what are the current requirements under GDPR and if you are GDPR compliant?

    EY can help you assess whether you need a Data Protection Officer and will help choose the right person, appoint him/her and notify him/her to the supervisory authority. If you do not wish to hire the DPO on your own, EY Law can act as an external DPO and help you with your data protection challenges every day.

    For years, our team has been supporting international companies and Data Protection Officers in different EU locations in meeting regulatory obligations to protect user, employee and contractor data at the highest level of quality and to most efficiently comply with GDPR and local authorities’ requirements.

    Our support includes:

    • Conducting DPO assessments to determine if the company is obliged to appoint a DPO.
    • Dedicating an expert lawyer for the ongoing support inside your organization ­– at your request this option may include sending our expert to your company’s headquarters to allow us to thoroughly comprehend your organization’s procedures and stakeholders’ expectations to be able to adjust the data protection procedures and match them with an existing company structure and data flow (secondment service).
    • Flexible packages of hours of support from our lawyers whenever needed, including support in implementation of new technologies and data-based solutions in your company, as well as crisis management support.
    • Hotline with our legal team experts designed for businesses which need quick and efficient data protection legal support and incidents response.
    • Professional support with appointing procedures in the country of destination, communication with local authorities and verification of specific local requirements for a DPO.

  • ISAE 3000 certification

    Wondering how to become a more trusted business partner and prove reliability in the privacy field?

    Our team of experts in cooperation with EY Cybersecurity Compliance Team offers services related to International Standard on Assurance Engagements (ISAE) certifications, specifically focusing on data protection and information security. ISAE 3000 Assurance Engagement is designed to provide independent assurance to clients and stakeholders that their data protection practices and information security controls meet established standards.

    We conduct independent assessments of a company's data protection and information security controls, policies, and practices to assess compliance with relevant standards and regulations. We provide a comprehensive report on the effectiveness of these controls over a specified period and issue a certificate that may be used to prove the company’s reliability in front of its clients.

    A report responds to the needs of the supplier - it can relate to the evaluation of the effectiveness of mechanisms to ensure the quality of data in the system. The scope of such a report can be defined according to the client's wishes and address exactly their specific needs. The ISAE 3000 report often covers issues related to ensuring the proper operation of the internal control environment in relation to the requirements of the GDPR.

    The benefits of certification for your business include:

    • ISAE 3000 Report is an independent third party certification, recognized worldwide as a proof of efficient privacy policies in your company.
    • The certificate may serve as proof in case of privacy-related claims,
    • Some enterprise clients may require this type of certification in security classification procedures.
    • It is an additional sign for your existing and new clients how much your organization cares about compliant processing of their confidential information and sensitive data.

  • SOC2 certification

    Do your company’s services involve the processing, storage, or transmission of sensitive customer data? Do your clients often request information about your internal controls, security practices, and compliance? Are you looking to gain a competitive advantage by demonstrating a strong commitment to data security and compliance? Have you identified potential risks or vulnerabilities in your systems that could impact the security of client data?

    We offer attestation services to increase the credibility of your business and gain the trust of your customers.

    SOC 2 (Service Organization Control 2) is a widely recognized auditing standard developed by the American Institute of CPAs (AICPA) to assess and report on the controls and processes related to security, availability, processing integrity, confidentiality, and privacy of data within service organizations. It focuses on the controls that a service organization has in place to ensure the security and privacy of customer data and other sensitive information.

    SOC 2 reports are often requested by clients, partners, and stakeholders as a way to assess the security and data protection practices of a service organization before engaging in business with them. These reports provide assurance that the service organization's systems, processes, and procedures meet industry best practices and comply with relevant regulatory requirements.

    What are the benefits of SOC for your organization?

    The SOC report:

    • confirms the implementation and operational effectiveness of your organization's controls,
    • reduces the number and scope of audits to be conducted by client auditors,
    • enables you to use the knowledge of professionals to evaluate the processes in place and identify areas for improvement,
    • helps meet customer expectations regarding the quality of services provided, confirmed by a report issued by an independent auditor.

    What are the advantages of SOC certification for your clients?

    The certification:

    • enables a reduction in the cost of service provider audits,
    • provides an independent opinion on the effectiveness of the service provider organization's internal control system,
    • enables monitoring of risks and provides assurance of the appropriate level of control over services provided and technology delivered,
    • helps meet the requirements set by regulators.

  • Transfer impact assessments

    Does your company transfer personal data to countries outside the European Economic Area (EEA)? Do you use tools of global Tech Giants? Wondering about technical and organizational measures to have in place to ensure the security and confidentiality of transferred data? Have you considered using GDPR-approved safeguards for these transfers, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs)?

    According to the Schrems II ruling, for the effectiveness of all safeguards for data transfers outside the EEA to countries that do not have an adequacy decision issued by the European Commission - it is necessary to conduct a study of the transfer's effects on data protection.

    A Transfer Impact Assessment (TIA) is a process that evaluates the potential impact of transferring personal data from one jurisdiction to another. This assessment helps organizations ensure compliance with data protection laws and safeguard the rights and privacy of individuals whose data is being transferred.

    Our team has proven experience in assisting organizations with transfer impact assessment. Here are some of the key services we provide:

    • Legal Review and Analysis: We review the data transfer arrangement and assess its legal implications under relevant data protection regulations, such as the GDPR (General Data Protection Regulation) or other applicable laws and assess the legal landscape in the recipient country to establish the level of risk.
    • Cross-Jurisdictional Compliance: We ensure that the data transfer complies with both the source and destination jurisdictions' data protection laws, including evaluating the legal bases for transfer and the adequacy of protection and application of proper security measures to ensure the transfer is secure for EU originating data.
    • Assessment of Data Transfer Mechanisms: We advise on the most suitable data transfer mechanisms, such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), and other – we help you choose and draft the needed documents as well as ensuring their effectivness.

  • Privacy by design in AI

    As a knowledgeable and experienced advisor in Privacy by Design for Artificial Intelligence, our team of experts helps businesses navigate the complex intersection of AI and data protection regulations while fostering trust and compliance. Our solutions are in line with the newly adopted AI Act in European Union, as well as AI-related data protection recommendations in the EU.

    Privacy by Design is a concept that emphasizes integrating data protection considerations into the design and development of technologies, including AI systems. It is indispensable in any case where the AI will be used in connection with personal data. EY is well equipped and willing to help you reach the necessary compliance.

    Here are the legal services we offer in this area:

    • Privacy Impact Assessments (PIAs) for AI Systems. We conduct privacy assessments of AI systems to identify potential privacy risks and recommend measures to embed privacy protections into the design and operation of these systems.
    • Drafting Privacy Policies and Notices. We create privacy policies and notices specifically tailored to AI applications, ensuring transparency in data processing practices and explaining how AI technologies handle personal data. We also help in strategizing the provision of notices in due course and proper way to the data subjects.
    • GDPR Compliance for AI. We advise on how AI systems can comply with the General Data Protection Regulation (GDPR) requirements, including lawful processing, data subject rights, and cross-border data transfers.
    • Data Minimization and Purpose Limitation Strategies. We assist in designing AI systems that collect and process only the necessary data, limiting the scope of data collection to minimize privacy risks.
    • Consent Mechanisms for AI. We develop consent mechanisms for AI applications, ensuring that users provide informed and explicit consent for data processing activities, where it is needed.
    • Anonymization and Pseudonymization Techniques. We advise on techniques to anonymize or pseudonymize data used in AI systems to protect individual privacy while maintaining data utility.
    • Data Protection Agreements and Contracts. We draft data protection agreements and contracts for AI-related data sharing, collaborations, or partnerships to ensure compliance with privacy requirements.
    • Cross-Border Data Transfer Solutions. We provide guidance on transferring AI-generated or processed data across borders while adhering to data protection regulations and international data transfer mechanisms.
    • AI Ethics and Fairness. We address ethical considerations and fairness concerns in AI design, ensuring that AI systems do not result in biased or discriminatory outcomes.
    • Regulatory Compliance Monitoring. We monitor developments in AI and data protection regulations to ensure ongoing compliance and recommend necessary adjustments to AI systems.
    • Incident Response Planning for AI. We assist in developing incident response plans specifically tailored to AI-related privacy breaches or security incidents.

  • Data Governance Act compliance

    Has your company been following the developments around the Data Governance Act? Are you considering its potential impact on your data governance and sharing practices? Wondering how your organization could benefit from this EU framework for trusted data sharing across borders?

    The Data Governance Act (DGA) is a crucial pillar of the European Union’s strategy for data as it seeks to accelerate data sharing, strengthen processes for data availability and enable private and public entities to reuse data without technical obstacles. The regulation has entered into force on 23 June 2022, and it aims to support the set-up and development of common EU data spaces in strategic areas.

    Our team of experts helps to identify potential domains in which your organization could benefit from the Data Governance Act and provides comprehensive support in implementation of data-driven projects, in compliance with GDPR and Data Governance Act. We are able to help with data management and data sharing, among others, in the following areas:

    • Cross-Border Data Sharing. The primary focus of the DGA is to create a framework for secure and standardized cross-border data sharing. If your business relies on sharing data with partners, customers, or service providers across EU member states we can help you benefit from more streamlined and harmonized processes.
    • Research and Innovation. Organizations engaged in research, development, and innovation often require access to diverse datasets for analysis and insights. The DGA could provide a more accessible and standardized way to collaborate and share data across borders, promoting innovation, and our team can advise how to do it!
    • Data-Driven Decision-Making. Companies that heavily rely on data for decision-making could benefit from improved access to quality data from various sources. The DGA could encourage better data sharing practices, leading to more accurate and informed decisions. We can help you in finding ways to obtain and use data in line with EU and local law.
    • Digital Services and Platforms. Businesses that provide digital services or operate platforms that involve data sharing among users could find the DGA beneficial. The regulation could help establish clear rules for data sharing and data access mechanisms. We can help you identify and squeeze this legal opportunity.
    • Supply Chain Management. Companies with complex supply chains that span across different EU countries may find it easier to share supply chain-related data, such as inventory levels, logistics, and production data, in compliance with the DGA. We can help you strategize, design and implement the data sharing flows for your supply chains.
    • Smart Cities and IoT. Businesses involved in creating smart city solutions, IoT devices, and connected infrastructure could benefit from standardized data sharing practices that enhance interoperability and data security. We can help you establish data sharing mechanisms that are compliant with EU and local law.
    • Data Monetization and Commercialization. Businesses that seek to commercialize or monetize their data assets may find the DGA beneficial in terms of standardized agreements, liability frameworks, and data usage permissions. We can help you draft those documents.
    • Startups and SMEs. The DGA's provisions could particularly benefit startups and small to medium-sized enterprises (SMEs) by reducing barriers to data sharing and enabling them to access data resources from larger partners. We may help you find and squeeze the new opportunities.
    • Environmental data. The available public data may help your business to develop or implement solutions regarding carbon footprint, eco-friendly lifestyle, fighting climate change, monitoring natural disasters. EY can help you legally obtain and use the data and implement specific green solutions.
    • Mobility data. Your innovative products and services may be related to public transport and real-time navigation. We help in proper obtaining and use of data.
    • Health data. Your organization may provide data-driven innovations aimed at improving healthcare, providing better tailored private treatments. EY can help prepare a legal framework to conduct such activities in line with EU and local laws.

  • Compliance in health devices

    Data protection in the context of health equipment involves ensuring that the collection, processing, storage, and sharing of personal and sensitive health-related data comply with applicable data protection laws and regulations. Here are some key legal aspects to consider in the realm of data protection for health equipment ­– which our data privacy lawyers can help you navigate:

    • Data Protection Regulations. It is crucial to understand and comply with relevant data protection laws and regulations, such as the General Data Protection Regulation (GDPR) in the European Union or the Health Insurance Portability and Accountability Act (HIPAA) in the United States, depending on the jurisdiction.
    • Sensitive Health Data. Health equipment may involve the collection and processing of sensitive health-related data, which requires heightened protection. Ensure compliance with legal requirements for processing sensitive data, such as obtaining explicit consent or fulfilling legitimate processing criteria.
    • Lawful Basis for Processing. It may be important to identify and establish a lawful basis for processing health data, such as the necessity of processing for medical diagnosis, treatment, or the management of health care services.
    • Informed Consent. Companies may in some cases need to obtain clear and informed consent from individuals before collecting and processing their health data, providing them with transparent information about how their data will be used.
    • Purpose Limitation. Organizations can process health data only for specific and legitimate purposes related to the provision of health care services or the functioning of health equipment.
    • Data Minimization. Entities may collect and process only the minimum amount of health data necessary to achieve the intended purpose, reducing the risk of excessive data collection. At the same time, effective and holistic diagnosis is a must.
    • Security Measures. It’s important to implement robust security measures to protect health data from unauthorized access, breaches, and cyberattacks, ensuring the confidentiality and integrity of the data.

    Given the sensitive nature of health data and the evolving legal landscape, it's essential for your organization to work closely with legal experts who specialize in data protection and health care regulations to ensure comprehensive compliance and data protection in the use of health equipment, and our team can assist you in those operations.

  • Cross-jurisdictional analysis of data protection regulations

    Our experts provide a range of valuable services when it comes to cross-jurisdictional analysis of data protection regulations. This involves helping businesses navigate the complex landscape of data protection laws and regulations in different countries or regions, ensuring compliance, minimizing legal risks, and facilitating the smooth flow of data across borders. Our help includes:

    • Regulatory Mapping and Gap Analysis. We can help you identify and map the data protection laws and regulations applicable to specific business operations across multiple jurisdictions. We conduct gap analysis to assess the business's current practices against the legal requirements in each jurisdiction.
    • Compliance Assessments. We evaluate the business's data processing activities, policies, and practices to ensure compliance with the data protection laws in different jurisdictions. As a result, we provide recommendations for necessary adjustments to achieve compliance.
    • Data Transfer Mechanisms. We advise on the legal mechanisms and safeguards required for cross-border data transfers, such as standard contractual clauses, Binding Corporate Rules (BCR) and adequacy decisions.
    • Data Storage Multi-Jurisdictional Strategies. Having access to knowledge and expertise of legal experts across the Globe, we are able to collect information on retention requirements in the jurisdiction our Clients are active in and help choose a compliant yet uniform approach to data retention for the entire organization.
    • Cross-Border Data Flow Strategies. We develop strategies for managing and transferring personal data across jurisdictions while minimizing legal and compliance risks. We prepare transfer impact assessment templates, conduct those assessments, prepare and notify Binding Corporate Rules and prepare necessary agreements, including those on Standard Contractual Clauses.
    • Localization of Policies and Notices. We draft or review privacy policies, terms of use, and data processing notices tailored to meet the requirements of different jurisdictions. We also provide practical strategies for one-solution-meet-all documents for all-EU or global legal compliance.
    • Consent Mechanisms. We develop and implement consent mechanisms that comply with various jurisdictions' requirements, ensuring proper and valid consent is obtained from data subjects.
    • Regulatory Liaison. We interface with relevant data protection authorities in different jurisdictions, respond to inquiries, and manage regulatory interactions.
    • Cross-Border Mergers and Acquisitions. We provide legal guidance on data protection considerations during cross-border mergers, acquisitions, or business transactions as well as while merging and transferring databases.
    • Monitoring and Updates. We keep clients informed about changes in data protection laws and regulations in various jurisdictions that could impact their operations.

  • DPO function audit

    The Data Protection Officer is a key figure responsible for ensuring compliance with data protection laws, mainly the General Data Protection Regulation (GDPR) in the European Union. Our experts can help with the audit of the DPO role in your organization.

    Our team of lawyers specializing in data protection have a deep understanding of the legal requirements surrounding the DPO role, including local authorities guidelines. We can provide guidance on the specific duties and responsibilities of the DPO as outlined in relevant regulations.

    We may also assist you in planning the audit process for the DPO role. This includes identifying the scope of the audit, determining the relevant legal and regulatory requirements, and developing a comprehensive audit plan. As a final stage, we can review the documentation and activities of the DPO to assess compliance with legal requirements. This includes reviewing data protection policies, procedures, records of processing activities, data breach management processes, and any other relevant documentation.

    Our team offers a comprehensive assessment of independence of the DPO. GDPR  requires the DPO to operates independently and without any conflicts of interest. Our team can assess whether the DPO maintains an independent position within the organization and does not face undue influence, and whether they possess the desired level of professional knowledge and skills.

Why EY Law Poland?

Individual approach to the customer

We accompany clients at every stage of project implementation, supporting them in achieving their goals. We always find the most effective and pragmatic solutions that minimize all risks at the same time. We have the opportunity to consult technical teams on an ongoing basis, which allows us to advise in a practical and comprehensive way.

Areas of practice

We successfully handle even the most complex cases and advise on the effective use of state-of-the-art solutions related to personal data protection and GDPR implementation. We run multi-jurisdictional projects in which we advise clients on the implementation of coherent solutions covering entire regions (e.g. CESA, CEE and Nordics).

Comprehensive solutions

We provide not only legal advisory services, but also concrete and durable solutions. Working closely with EY Cybersecurity, Business and Tax Advisory teams, our advice is comprehensive and more understandable to the client.

Team of experts

Our team consists of attorneys and legal advisors who are distinguished by comprehensive experience and in-depth knowledge of business principles.

International and recognized brand

EY Law's Digital Team and its Leader are regularly recognized in prestigious rankings: Chambers Global, Chambers Europe, Legal 500, IFLR 1000, WTR 1000, IAM Patent.

Think globally, act locally

EY offers its services in 150 countries, and thanks to our extensive network of contacts and extensive exchange of experience, we create custom solutions.

Hand holding the earth against starry sky

European Digital Map

EY Law Poland will prepare your business for the ongoing digital transformation in Europe.

Find out more

Digital Regulatory Check

Check your digital compliance with just one click using Digital Regulatory Check.

Find out more

Remote Revolution
We are recommended in prestigious international rankings. Legal500 wrote about us:  ‘Wide range of specialists, strong technical knowledge and ability available for support in the most complex and innovative projects.’  

Justyna Wilczyńska-Baraniak

EY Partner, Intellectual Property, Technology and Personal Data Team Leader

Our strength is comprehensive and top-quality advice. 

We are one of the most dynamically developing international legal practices in Poland.

We combine many years of experience of legal advisors and attorneys with knowledge of the business principles of our clients. Thanks to this, we increase the efficiency of their work, while reducing the costs of their business. We go far beyond the classic understanding of consulting in the field of intellectual property and personal data protection.

We offer comprehensive, cross-sectoral and multidisciplinary legal advice at every stage of project implementation. We provide practical solutions to help you achieve your goals as effectively as possible.

Previous

Law

Next

New Technologies Law

Contact us

Interested in the changes we have made here,

contact us to find out more.