Home / People / Damian Karwala
Damian Karwala

Damian Karwala

Senior Associate

CMS Cameron McKenna Nabarro Olswang Pośniak i Bejm sp.k.
Warsaw Financial Centre
ul. Emilii Plater 53
00-113 Warsaw
Languages Polish, English

Damian Karwala is a qualified legal advisor and a Senior Associate in the IP/TMT Group at CMS. Damian specialises in advising international digital businesses on all aspects of TMT law.

For the last 12 years, Damian has advised clients on data privacy, cybersecurity, IT, internet, e-commerce and digital transformation. His clients include leading mobile operators, internet and e-commerce companies, banks, insurers, software developers and media companies. Over the last few years he has focused on GDPR-related advisory. Recently he participated in due diligence/gap analysis exercises and GDPR awareness trainings for leading insurance and debt collection sector companies.

Damian has authored several academic and specialist publications and practical commentaries relating to data privacy, IT and e-commerce regulations. He also regularly gives presentations on topics related to IT, technology and data protection. He has been recognised by Chambers Europe as an Associate to watch in their TMT – Data Protection legal ranking for the years 2015-2017. 

more less

Relevant experience

  • A leading European debt recovery capital group with offices in over 15 countries - coordinating a General Data Protection Regulation (GDPR) implementation programme;
  • One of the world’s leading online retailers - on various aspects of the GDPR, including processing HR data, background checks, use of CCTV, etc.;
  • A leading global social media provider - in relation to data privacy and providing services by electronic means;
  • Polish subsidiary of a large global web-hosting provider - on website terms of use and privacy policies;
  • A major Polish mobile operator - on various aspects of personal data protection and telecommunication laws, including telecommunication secrecy, protection of users’ services, etc.;
  • Several financial groups of companies - on various aspects of data protection, including cross-selling strategies, CRM companies, client segmentation, data processing notifications, privacy notices;
  • Several Polish software houses that provide IT solutions to, e.g. the aviation and telecommunications industries – in relation to day-to-day legal counselling;
  • One of the most innovative Polish online/mobile e-book platforms – in relation to day-to-day legal counselling. 
more less


  • 2006 – Jagiellonian University in Cracow, Faculty of Law and Administration;
  • 2004 – Jagiellonian University in Cracow, European Studies;
  • 2004 – Tilburg University, Faculty of Law
more less


  • District Chamber of Legal Advisors in Warsaw
  • IAPP (International Association of Privacy Professionals)
more less
CMS strengthens its data pro­tec­tion prac­tice


Show only
3 March 2020
CMS ad­vised on in­vest­ments in the new tech­no­logy sec­tor
22 Jan 20
Po­land: Banks un­der GDPR scru­tiny
Po­land’s data pro­tec­tion watch­dog (“Per­son­al Data Pro­tec­tion Of­fice”) pub­lished its audit plan for 2020. Ac­cord­ing to that plan – this year sec­tor audits will be car­ried out, amongst oth­ers, in...
22 August 2019
The Auto­mot­ive In­dustry Re­port 2019/20
26 Nov 19
KNF’s draft com­mu­niqué on cloud com­put­ing
Re­cently, the Pol­ish Fin­an­cial Su­per­vi­sion Au­thor­ity (“KNF”) presen­ted a draft com­mu­niqué on cloud com­put­ing op­er­a­tions in­volving leg­ally pro­tec­ted in­form­a­tion (“Draft”). The Draft relates to...
30 July 2018
The Auto­mot­ive In­dustry Re­port 2018/19
05 Mar 19
Pol­ish Par­lia­ment ad­opts new pro­vi­sions to en­sure the ap­plic­a­tion...
On 21 Feb­ru­ary 2019, the lower house of the Pol­ish Par­lia­ment (Se­jm) passed new le­gis­la­tion aimed at en­sur­ing the ap­plic­a­tion of the GDPR. The new act in­tro­duces changes to more than 160 leg­al acts which...
28 Jan 19
First of­fi­cial ex­plan­a­tions of GDPR pro­vi­sions in Po­land
The new Law on Busi­ness En­tit­ies, passed in March 2018, which is part of the so-called “busi­ness con­sti­tu­tion”, au­thor­ises pub­lic au­thor­it­ies, in par­tic­u­lar com­pet­ent min­is­ters, to is­sue leg­al ex­plan­a­tions,...
23 Aug 18
Schrems 2.0, or the threat to data pri­vacy con­trac­tu­al clauses (and...
What is at stake in the Schrems 1.0 and 2.0 cases? The Schrems 2.0 case which – just this April – gained im­petus, con­cerns, first and fore­most, an as­sess­ment of the com­pat­ib­il­ity with EU law of data...