Agnieszka Witaszek

Partner Attorney at law

Agnieszka specialises in data protection, privacy and cybersecurity. She has experience serving as a Data Protection Officer (DPO) for Polish and international companies in the technology and pharmaceutical sectors. She has implemented comprehensive data protection programmes for Software-as-a-Service (SaaS) providers, online platforms, and shared service centres supporting multinational corporations.

Her experience includes mapping and managing data protection and cybersecurity processes; designing data-driven products and services; conducting compliance audits; preparing risk assessments, policies, standards and agreements relating to data protection and cybersecurity; managing data breaches and security incidents; representing clients before supervisory authorities; and delivering training on data protection and cybersecurity.

She is skilled at balancing legal requirements in the areas of data protection and cybersecurity with business needs and expectations. She holds the CIPP/E (Certified Information Privacy Professional/Europe) certification and is a member of the International Association of Privacy Professionals (IAPP).

Show moreShow less

Education

  • Master’s degree in Law, University of Warsaw 

Languages

  • English
  • German

Main areas

Data protection przekierowanie do produktu General data protection regulation (GDPR) przekierowanie do produktu

Other areas

Cybersecurity przekierowanie do produktu

Selected projects

  • Providing data privacy advice to the Pracuj Group (HR-tech industry, owner of Pracuj.pl and eRecruiter), including by designing and implementing a data privacy program. Helping product development teams to design GDPR-compliant products and services for customers. Acting as a Data Protection Officer for the Pracuj Group 
  •  Providing data privacy advice to the Merck Group (pharmaceutical/life science industry) in Poland and in the CESEE region, particularly on implementing a global data privacy program in the Polish companies within the Merck Group. Conducting a sector risk assessment for the group’s global shared services – Merck Business Services, including extensive mitigation actions. Coordinating local data protection officers in the CESEE region. Acting as the Merck Group’s Data Privacy Counsel  
  • Preparing comprehensive data privacy documentation for an online service provider entering the Polish market (delivery-tech industry) 
Related news
Poland implements NIS2: Amendment to the Act on the National Cybersecurity System signed by the President
New info
Poland–Korea AI Roundtable
News
The Legal 500 EMEA 2025 – SSW Recognised in the Ranking
New info
SSW advised Hotele Grupy Budizol on the sale of Holiday Inn Bydgoszcz to Qubus Hotel
Deals
The laws on whistleblowers come into force on 25 September 2024
New info
Legislation on whistleblowers is getting closer
New info
SSW recognised in fourteen categories in The Legal 500 EMEA 2024 ranking
New info
New partners and associates strengthen SSW
New info
Awards
Go back to teamprzekierowanie