Data protection

Personal data include any information concerning an identified or identifiable individual. Protection of personal data primarily involves collection and processing of data by various entities in a manner ensuring the integrity, confidentiality and accessibility of the data.

There is no doubt that since entry into force of the EU’s General Data Protection Regulation (GDPR), societal awareness of the issue of personal data protection, and the risks associated with data breaches, has risen. The growth of technology and the frequent use of malware to steal personal data have forced businesses to implement mechanisms protecting data and adopt appropriate policies.

The safety of personal data has never been as important as it is now. Given how valuable they can be for cyber criminals, personal data must be properly protected. Lawmakers’ response to cyber threats (such as the General Data Protection Regulation) has introduced requirements for management and protection of personal data within organizations. In our advisory at KPMG Law, we support our clients in ensuring that their internal procedures comply with the law and thus assist clients in limiting their regulatory risks. We assist in identifying irregularities at an early stage, in order to avoid disputes, and when disputes are unavoidable we represent the parties during proceedings.

In contemporary society founded on technology and information, personal data are taking on more and more value. Along with this, the risk of abuses from unauthorized use of personal data is also rising, as are the number of regulations governing the protection of personal data. Market participants must now comply with standards set forth in the GDPR and national regulations.

There has also been a marked increase in fines which can be imposed by regulators for failure to protect data subjects’ privacy (fines imposed by the Polish data protection authority, the President of the Personal Data Protection Office (PUODO), can reach as high as EUR 20 million or 4% of an undertaking’s total turnover in the previous financial year).

For these reasons, it is vital to have competent advisors, including legal advisors, who keep abreast of the relevant regulations, the guidelines of European institutions, and the positions of national authorities.

The main benefit from our support for businesses is the ability to eliminate or greatly restrict the legal risks associated with processing of personal data. Drawing on our many years of experience, we can identify risks and potential irregularities at an early stage, before claims are asserted by data subjects or administrative proceedings are initiated by the data protection authority. We also have extensive experience conducting administrative proceedings before the regulator, reaching favourable resolutions for our clients.

What sets us at KPMG Law apart is the interdisciplinary character of our services. In many projects, we cooperate with KPMG’s business advisory division, providing procedural, technical and IT support. 

• Identification and analysis of gaps in the organization’s compliance with data protection rules under the GDPR and national regulations
• Drafting documentation connected with processing of personal data, such as:
  • Consent forms and informational clauses
  • Data processing procedures and policies (e.g. data retention policy)
  • Privacy protection notices for publication on websites
  • Data processing agreements
  • Internal registers
• Support when data breaches are discovered, including analysis of the need to report the breach and drafting notifications of breaches to the data protection authority and data subjects
• Representation in administrative and judicial proceedings and contacts with the data protection authority
• Preparing responses to requests and assisting in resolving disputes with individuals in connection with processing of their data
• Support in negotiations with clients and suppliers on protection of personal data as part of the conditions of cooperation
• Advice on transfers of personal data to third countries
• Resolving clients’ current issues with applying data protection rules, designing new solutions, and advising on drafting of corporate policies for compliance with the GDPR
• Conducting training and workshops on data protection regulations.

Our team of advisors on data protection issues is made up of experts with many years of experience. We successfully advise businesses on protection of the personal data they process and provide reassurance on elimination of regulatory risks. We treat every client individually, and if the situation requires, we draw on the experience of other divisions within the KPMG network, such as business advisory.

Regardless of whether the company is at the phase of bringing its processes into compliance with the GDPR or needs support in everyday data processing issues, KPMG Law is a trusted advisor not just for one-off projects but also in the longer-term perspective.