Open navigation
Search
Offices – Poland
Explore all Offices
CMS Poland
Global Reach

Apart from offering expert legal consultancy for local jurisdictions, CMS partners up with you to effectively navigate the complexities of global business and legal environments.

Explore our reach
Insights – Poland
Explore all insights
Trending Topics
Insights by type
Featured

Our CMS Expert Guides provide you with in-depth legal research and insights.

Learn more
Search
Expertise
Explore all expertise
Insights

CMS lawyers can provide future-facing advice for your business across a variety of specialisms and industries, worldwide.

Explore topics
Practice Areas
Practice Areas
Sectors
Sectors
Offices
Explore all Offices
Global Reach

Apart from offering expert legal consultancy for local jurisdictions, CMS partners up with you to effectively navigate the complexities of global business and legal environments.

Explore our reach
CMS Poland
CMS Poland
Insights
Explore all insights
Featured

Our CMS Expert Guides provide you with in-depth legal research and insights.

Learn more
Trending Topics
Trending Topics
Insights by type
Insights by type
About CMS
More about CMS
More about CMS
Careers
Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Damian Karwala
Counsel

Damian Karwala

Warsaw, Poland
Languages
  • Polish
  • English
Social media

Damian Karwala is an attorney-at-law and counsel in the Intellectual Property and Technology, Media & Telecommunications practice at CMS Poland.

He has over 20 years of experience advising leading Polish and international clients on a wide range of legal and regulatory challenges in the digital space.

His practice spans personal data and privacy, cybersecurity, AI, IT (including cloud) and telecoms law, e-commerce and digital transformation. Damian supports clients across various sectors, including banking, insurance, telco, pharmaceuticals, media and technology - working with major banks, insurers, software houses, and providers of key digital platforms and services.

On the tech side, he has led legal support for numerous IT system implementations for telecom operators, banks, and insurers. He also provides legal and incident management services in relations with cybersecurity breaches and personal data violations.

Damian is a recognised GDPR expert, with experience in audits, internal policy implementation, and cross-border data transfer strategies. He has successfully represented clients before Poland’s Data Protection Authority and administrative courts.

Awards & Recognitions
01
  • Quote
    “Damian Karwala is a great data protection lawyer and he strongly specialises in this area.”
    Chambers European Guide TMT: Data Protection
  • Quote
    “Damian Karwala has shown great proactiveness, data- and privacy-related expertise and outstanding communication skills.”
    Legal 500 Data Privacy and Data Protection
  • Quote
    “Expertise, responsiveness, close collaboration and dedication put together to serve a client. Damian Karwala stands out as an expert on international data transfers.”
    Legal 500 Data Privacy and Data Protection

Relevant experience

  • Iron Mountain, on its Global Data Residency project and development of Binding Corporate Rules, enabling compliant cross-border data transfers. Coordinating work across 25+ jurisdictions, advising on implementation of new SCCs, and supported formal proceedings with the Lead Authority - crucial for Iron Mountain’s global data-driven operations across regulated sectors.
  • One of the biggest global cloud providers, on its day-to-day legal matters relating to cloud computing and cybersecurity in Poland, including advice on DORA, NIS2, sovereign cloud, and national cybersecurity legislation. Our work supports compliance with cutting-edge regulatory frameworks shaping the future of digital resilience and cloud adoption in the EU.
  • Ocado, on various regulatory issues, including cybersecurity, telco, critical infrastructure, radio equipment, and electromagnetic compatibility-related requirements, affecting the client’s business in Poland.
  • Canon Europe Ltd., on analysing a new service to check whether it falls under the scope of the Digital Services Act (DSA), in particular whether the service qualifies as an intermediary service under the DSA.
  • Box, on a complex data protection project which was crucial from the client’s global business perspective and its ability to offer its services post-Brexit and post-Schrems II. 

Memberships & Roles

  • Warsaw Bar Association of Attorneys-at-Law
  • Association of Data Protection Practitioners, Lazarski University     

Education

  • Jagiellonian University in Cracow, Faculty of Law and Administration
  • Jagiellonian University in Cracow, European Studies
  • Tilburg University, Faculty of Law

Damian Karwala is an attorney-at-law and counsel in the Intellectual Property and Technology, Media & Telecommunications practice at CMS Poland.

He has over 20 years of experience advising Polish and international clients on cybersecurity, data protection, IT and telecoms law, and digital transformation.

Damian supports clients across such sectors as finance, insurance, telecommunications, pharmaceuticals, and technology, including banks, insurers, software houses, and operators of key digital platforms. He has led legal support for IT and telecom system implementations, focusing on secure system design, regulatory compliance, and cyber risk management. He advises clients on cyber incident response, breach reporting, and implementing robust cybersecurity governance frameworks.

A recognised GDPR and cybersecurity expert, Damian has experience in audits, internal policy implementation, cross-border data transfers, and representing clients before the Polish Data Protection Authority and administrative courts in matters involving data breaches and cybersecurity compliance.   

Relevant experience

  • A leading global manufacturer of mining equipment on handling data breach incident, analysing circumstances and recommending further steps and actions, which included involving lawyers from various CMS offices. We have also prepared a data breach notification policy for this client.
  • A leading global semiconductor manufacturer on a cybersecurity and multijurisdictional personal data breach incident. Our role was to assist the client in its cyber-incident response and reporting obligations, including notifying the Data Protection Authority in Poland. In this case, we represented the client before the Polish authority and addressed detailed queries related to the breach. The case was successfully closed by the authority with no negative consequences for the client.
  • One of the world's largest providers of HR solutions on cybersecurity and multijurisdictional cybersecurity and personal data breach incident. Our role was to assist the client in its cyber incident response, risk mitigation, reporting obligations (including notifying the Data Protection Authority and affected data subjects) and handling data subjects’ rights. We also represented the client before the Polish Data Protection Authority in this case. This is one of the major instructions handled by the team, keeping us busy for several months. 

Memberships & Roles

  • Warsaw Bar Association of Attorneys-at-Law
  • Association of Data Protection Practitioners, Lazarski University     

Education

  • The Catholic University of Lublin, Faculty of Law, Canon Law and Administration
  • Jagiellonian University in Cracow, Faculty of Law and Administration
  • Tilburg University, Faculty of Law   
sectors
TMT - Technology, Media & Telecommunications Data Protection

Further reading

  • CMS strengthens its data protection practice

  • CMS continues to invest in its intellectual property and technology practice

Insights by Damian

See all Insights
Poland
Law-Now · 03 Apr 2025
Polish DPA takes tougher stance on data breaches
1 min read
Poland
Law-Now · 09 Nov 2023
Poland takes further step towards implementing 5G technology
1 min read
Poland
Law-Now · 25 Oct 2023
Polish law creates new rules on banking outsourcing
1 min read
Poland
Law-Now · 29 Mar 2022
Record high GDRP related fine in Poland
1 min read
Back to top
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.