The development of commercial and social relations is accompanied by technological progress and the widescale use of information systems and services.


The need to ensure cyber-security arises from the speed of development, the complexity of IT technologies and the extent to which IT solutions are relied upon. Disruptions to the proper functioning of IT systems can negatively affect a company’s financial, commercial and security interests.

The National Cyber-Security System Act entered into force on 28th August 2018.

The act implements into Polish law the EU’s Directive 2016/1148 of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union. This legislation imposes numerous obligations on a range of entities.


Fine of up to PLN 200,000, or even PLN 1m in certain cases, may be imposed on entities that commit particular infringements. Firms may even be fined after they no longer infringe their obligation or have already remedied the losses they caused.


Fines can also be imposed on the managers of key service operators, up to 200% of the manager’s monthly remuneration.

How can we help?

Audit + Recommendations + Documentation

  • analysis, review, developing internal procedures on cyber-security (Security Policy, BRP);
  • internal audits and reviewing the compliance of new cyber-security documentation with existing internal security management procedures in place at the workplaces of key services operators and digital services suppliers.

Relations with supervisory authorities

  • designing action plans to be implemented in the event of audits conducted by a cyber-security authority;
  • representing clients in proceedings before cyber-security authorities, particularly as regards infringement proceedings;
  • representing clients in court and administrative proceedings concerning cyber-security, especially as regards infringement proceedings.

Personal data protection

  • advising entities on their cyber-security obligations regarding personal data processing and the provision of information to competent authorities;
  • assessing internal documentation on cyber-security as regards the obligation to handle and report incidents that are covered by personal data protection rules.

Relations with IT providers

  • advising on cooperation with IT providers, for example by analysing compliance of contracts concluded with IT providers with legal and regulatory requirements, including sector recommendations issued by the supervision authorities concerning the security of IT systems;
  • supporting the implementation of security management systems in information systems used to provide key services, especially as regards drafting/assessing software purchase or maintenance agreements, creating internal incidents management structures, internal procedures for handling security management systems and reviewing whether the requirements for such systems are met;
  • advising on how to conclude agreements to guard against cyber-attacks, negotiate insurance conditions and analyse insurance documentation.

Legal and regulatory monitoring (cyber-security compliance)

analysing the existing legal environment and any planned changes regarding cyber-security, including draft legislative proposals.

Training and workshops

providing dedicated trainings regarding the obligations of key services operators and digital services suppliers, including compliance with personal data protection rules.

Contact us

Janusz Mazurek

Janusz Mazurek



Katarzyna Szczudlik

Katarzyna Szczudlik



Marek Wędrychowski

Marek Wędrychowski




Contact Form

The Controller of your personal data is Spaczyński, Szczepaniak i Wspólnicy sp.k., ul. Rondo ONZ 1, p. 12, 00-124 Warsaw. Your personal data contained in your form are processed in order to enable us to contact you. The details concerning our processing of your personal data, including your rights connected with your personal data, can be found in our privacy policy available here Privacy Policy.

If you are interested in obtaining offers and materials concerning the products, services and events of Spaczyński, Szczepaniak i Wspólnicy sp.k., please indicate your agreement below.