About Dr Joanna Maniszewska-Ejsmont

Dr Joanna Maniszewska-Ejsmont is a Polish attorney-at-law (radca prawny) registered with the Warsaw Bar of Legal Counsels (OIRP Warszawa), a former notary public, and a legal scholar holding a PhD in legal sciences.

She specialises in data protection and privacy law (GDPR), real estate law, construction law, family law, and corporate law. She serves as a lecturer at SWPS University in Warsaw, where she teaches civil law, family law, and real estate law at the Faculty of Law.

Her current professional focus is GDPR compliance, data privacy advisory, and data protection officer (DPO) services for private companies, public institutions, and international organisations operating in Poland.

She is the author of several peer-reviewed publications in leading Polish legal journals, including Palestra, Rejent, and Civitas et Lex.

GDPR & Data Privacy Services

We provide comprehensive legal and advisory services in data protection and privacy law for organisations operating in Poland and the European Union. Our approach is practical and risk-oriented — focused on implementing solutions that work in your day-to-day operations.

We support both private and public entities, including international companies with Polish operations, public administration bodies, schools, and — in selected cases — NGOs on a pro bono basis.

GDPR Compliance Audit & Privacy Due Diligence

Assessment of data processing activities against GDPR and sector-specific regulations. Risk identification, remediation recommendations, and review of legal bases for processing, including Legitimate Interest Assessments (LIA).

Data Protection Documentation & Procedures

Records of processing activities, data protection policies, authorisation and retention procedures, privacy notices, consent forms, and internal standards. Implementation of privacy by design and privacy by default.

Vendor Agreements & International Data Transfers

Data processing agreements, sub-processor verification, and supply chain compliance. Assessment of data transfers outside the EEA and selection of appropriate safeguards (SCCs, Transfer Impact Assessments). Support in negotiations with IT service providers and data processors.

DPIA — Data Protection Impact Assessment

Preparation and review of DPIAs for monitoring systems, HR platforms, online services, profiling, and other high-risk processing. Risk modelling, selection of organisational and technical measures, and advisory support for new system implementations from a privacy perspective.

Data Breach Response & Incident Management

Breach risk assessment, remedial action support, preparation of UODO notifications and communications to affected individuals. Development of incident response procedures and management of internal investigations.

Data Subject Rights Management

Handling and standardisation of data subject requests: access, rectification, erasure, restriction, objection, and data portability. Development of response procedures and templates, support in disputed cases.

Sector-Specific Privacy Compliance

— CCTV and access control systems — compliance, retention, and disclosure rules — HR and employee data — recruitment, personnel files, benefits, workplace monitoring — Marketing, cookies, and tracking technologies — consent, analytics, remarketing — Data protection in sales processes and customer service operations

GDPR Training & Workshops

Practical workshops tailored to your industry and participants’ roles (management, HR, IT, general staff). Incident simulation exercises (table-top scenarios), retention training, and legal basis workshops. All sessions delivered by a qualified legal professional with academic teaching experience.

Get in Touch

We tailor our services to your needs — from a one-time audit to ongoing support and project-based advisory. Initial case review and cost estimate are provided free of charge.