Services – Data Practice — Data Economy

Data economy

We help entities processing and using data in a world of changing laws.

For years, we have provided comprehensive advice on the legal aspects of data to Polish and foreign clients. As a result, we have a thorough understanding of the specifics of the operations of data-driven industries and sectors, as well as the legal challenges faced by our clients.

Data, whether personal or non-personal, is an increasingly valuable asset across all industries and sectors. But the advancing digital transformation of the economy is accompanied by more and more new regulations governing data and the tools used to process and analyse it.

The rapid development and complexity of these regulations bring many challenges for data processors and users. Importantly, these regulations affect all sectors of the economy and all areas of law. Legal advice in the area of data requires not only experience, creativity, and an understanding of the business environment, but also an interdisciplinary approach to the problems faced by entities processing and using data.

  • We provide comprehensive advice on the General Data Protection Regulation and other personal data protection regulations.
  • We conduct audits for GDPR compliance and the lawfulness of clients’ use of cookies and other tracking technologies.
  • We draft agreements on processing and sharing data.
  • We draft internal documents to ensure that our clients’ operations comply with data protection law (e.g. data protection policies).
  • We draft privacy policies, cookie policies, and other documents and information clauses ensuring fulfilment of the duty of transparency in data processing.
  • We advise on the transfer of personal data to countries outside the European Economic Area, including drafting of data transfer agreements.
  • We assist in the event of data breaches, including ransomware attacks and data hacks.
  • We help clients prepare responses to requests submitted by data subjects under the GDPR (e.g. exercising the right to access data or obtain copies of data).
  • We help to carry out data protection impact assessments.
  • We advise on:
    • Rules for processing of commercial information
    • Banking, payment and telecommunications secrecy, and other legally protected forms of confidentiality
    • Rules for processing data in the context of anti-money laundering and counter-terrorist financing
    • Processing of medical and health-related data, particularly in the context of clinical trials and the operation of healthcare entities, including medical confidentiality
    • Processing of data for marketing purposes
    • Processing for internal investigations, whistleblowing and similar activities.
  • We represent clients in administrative proceedings before the national data protection authority and the administrative courts.
  • We support clients in inspections by the data protection authority.
  • We provide training in data protection for clients, particularly HR and marketing departments.
  • We advise on M&A transactions involving data assets:
    • Share deals involving companies holding data
    • Asset deals where data is the main asset of the transaction.
  • We carry out audits of the target’s data protection compliance.
  • We advise on transaction-related issues, e.g. the permissibility of transferring certain data for purposes of the transaction or the possibility of using data post-closing.
  • We help structure the transaction to take proper account of data issues in the timetable.
  • We help prepare transactional documentation concerning data, governing:
    • Liability for potential breaches
    • How data is transferred or shared
    • Processing of data in the interim between closing and operational consolidation of the acquired assets within the buyer’s structure of systems and practices.
  • We advise on restrictions on the transfer and use of non-personal data and mixed datasets combining personal and non-personal data.
  • We draft data transfer agreements.
  • We draft data usage policies and codes of conduct.
  • As part of due diligence processes, we assess the legal basis for the use of datasets, in particular Big Data, and the possibility of transferring such datasets.
  • We advise on how to ensure the lawfulness of purchase or takeover of data assets containing both personal and non-personal data.
  • We support data intermediation service providers and data altruism organisations in adapting their activities to the applicable regulations.
  • We advise on how to ensure that data sharing complies with the law (in particular competition law, intellectual property law, and data governance regulations).
  • We advise on open data and the re-use of public sector information.
  • We advise on obtaining data for the purposes of building and developing AI solutions, both at the stage of creating the solution in the production and testing environment and after it is made available to users (including obtaining data from users of the solution).
  • We give opinions on the permissibility of using algorithms, AI systems and other data analysis technologies, in particular in light of data protection and consumer protection regulations, labour law and the laws governing financial institutions.
  • We advise on classification of AI systems.
  • We assist in the development of AI risk management systems.
  • We give opinions on the compliance of AI solutions with proposed AI legislation, particularly under EU law.
  • We draft terms and conditions for services based on AI systems.
  • We create contracts for supply of data for training AI algorithms and systems.
  • We advise on data protection law and intellectual property rights in the context of AI algorithms and systems.
  • We develop best practices for managing AI algorithms and systems.
  • We draft internal policies for the use of AI systems in organisations, especially generative AI models.
  • We represent clients before the competent authorities.


Krzysztof Wojdył

Tel.: (+48) 22 437 82 00, 22 537 82 00