Home / People / Paulina Komorowska
Portrait of Paulina Komorowska

Paulina Komorowska

Senior Associate

CMS Cameron McKenna Nabarro Olswang Pośniak i Bejm sp.k.
Warsaw Financial Centre
ul. Emilii Plater 53
00-113 Warsaw
Languages Polish, English, German

Paulina Komorowska is an advocate and senior associate of the CMS IP/TMT Group at CMS.

She has considerable professional experience in advising clients, primarily on the protection of personal data, new technologies, e-commerce, and consumer and competition protection. Paulina supports clients from a variety of industries, including leading companies in new technologies sector, online services and ad-tech.

Paulina advises on all aspects of personal data protection (GDPR), including compliance audits; developing procedures, regulations and policies; proceedings before the Polish data protection authority; drafting and negotiating agreements on entrusting data processing; data transfers; data breach incidents; marketing and profiling activities; the implementation of whistleblowing programmes, and personal data protection related to employment. Paulina also advises clients on all aspects of online activities and providing services via electronic means as well as cybersecurity.

Paulina also specialises in issues related to counteracting unfair competition, including unfair advertising, consumer protection, proceedings before the President of the Office of Competition and Consumer Protection, representation before administrative bodies during inspections, as well as anticompetitive practices and abuse of dominant position.

She conducts training sessions for clients and participates in industry and academic conferences. She has authored several publications and is a co-author of a book on the documentation of personal data protection and one of the leading commentaries on the Competition and Consumer Protection Act. She is a doctoral candidate at the Institute of Legal Studies at the Polish Academy of Sciences


more less

Relevant experience

  • Full scope implementation of GDPR at a multinational leader providing debt solutions for banks and institutional vendors; the project included 22 companies located in 17 countries.
  • Full scope implementation of GDPR at one of the world’s largest car parts manufacturers, including analysing business processes and drafting internal documentation; the projects involved 17 companies in 11 countries.
  • Implementation of GDPR at a leading manufacturer of mining equipment, including data mapping (interviews with employees), gap analysis and work on internal documentation.
  • Assistance in compliance with data protection laws in 4 jurisdictions for a leading company in ad-tech industry.
  • Assistance in GDPR implementation in a company offering quality pet foods products.
  • Ongoing data protection advisory to a global leader in documentation and data management, including supporting the company’s group Data Protection Officer.
  • GDPR and e-privacy advisory to a global e-commerce leader business.
  • Data protection law advisory in the context of COVID-19 outbreak.
  • Development of a whistleblowing programme in a company operating in the energy industry.
  • Representation of a client during dawn raid.  
more less

Memberships & Roles

  • Member, Warsaw Bar of Advocates.
  • Member, Association of Data Protection Practitioners.
  • Member, Association of Competition Law.
  • Member, Public Law and Compliance Section by the Warsaw Bar of Advocates.
more less


  • Ph. D. candidate at the Polish Academy of Sciences
  • 2011 – Master of Law, Jagiellonian University, Warsaw
  • 2010 / 2011 – Erasmus scholarship, K.U. Leuven, Leuven
more less
CMS con­tin­ues to in­vest in its in­tel­lec­tu­al prop­erty and tech­no­logy prac­tice
Warsaw,15 Novem­ber 2017 – CMS is com­mit­ted to the de­vel­op­ment of its in­tel­lec­tu­al prop­erty and tech­no­logy prac­tice and strength­en­ing the team by hir­ing ex­perts and ex­per­i­enced law­yers, as well as ju­ni­or...


AI Strategies in Po­land
1. Are there any gov­ern­ment­al ini­ti­at­ives in your jur­is­dic­tion aimed at in­tro­du­cing leg­al reg­u­lat­ory frame­work for AI? If so, please list them. Yes. The Pol­ish Min­istry of Di­git­al Af­fairs (the “Min­istry”)...
The Auto­mot­ive In­dustry Re­port 2020/21
The Auto­mot­ive In­dustry Re­port 2020/2021 pub­lished by the Pol­ish Auto­mot­ive In­dustry As­so­ci­ation and co-au­thored by CMS takes a look at some of the key areas af­fect­ing the auto­mot­ive sec­tor. Our cross-prac­tice...
Coronavir­us (COV­ID-19) and Pri­vacy
In the last few months, we have seen or­gan­isa­tions across Europe im­pos­ing vari­ous ob­lig­a­tions on their em­ploy­ees, vis­it­ors and cus­tom­ers to fight the spread of the COV­ID-19 vir­us. The un­der­ly­ing meas­ures...
Autonom­ous vehicles law and reg­u­la­tion in Po­land
1. Is the test­ing of AVs (SAE Levels 3-5) per­mit­ted on pub­lic roads in your jur­is­dic­tion? Level 5:  Test­ing Level 5 AVs on pub­lic roads in Po­land is not per­mit­ted as the pres­ence of a per­son to take...
Loc­a­tion apps in the time of COV­ID-19
Con­tact tra­cing and loc­a­tion data-based ap­plic­a­tions have re­cently be­come the sub­ject of the heated de­bates in view of their wide­spread use in the fight against the COV­ID-19 pan­dem­ic. In re­sponse to...
Is a pri­vacy-friendly use of mo­bile ap­plic­a­tions to com­bat COV­ID-19 our...
A Pan-European Ap­proach to the Use of Mo­bile Apps and Mo­bile Data With its Re­com­mend­a­tion of 8 April 2020 on steps and meas­ures to de­vel­op a com­mon ap­proach to the use of mo­bile ap­plic­a­tions and mo­bile...
Fine for fail­ure to co-op­er­ate with the Pol­ish Per­son­al Data Pro­tec­tion...
In his re­cent de­cision the Pres­id­ent of the Per­son­al Data Pro­tec­tion Of­fice (UODO) has im­posed a fine of PLN 20,000 (the equi­val­ent of EUR 4.673,56) on the tele­market­ing com­pany - Vis Con­sult­ing Sp. z...
Whis­tleblow­ing Dir­ect­ive ad­op­ted by the EU Coun­cil
On 7 Oc­to­ber 2019, the EU Coun­cil ap­proved the word­ing of the "Dir­ect­ive of the European Par­lia­ment and of the Coun­cil on the pro­tec­tion of per­sons who re­port breaches of Uni­on law", also known as the...
High fine im­posed by the Pol­ish Data Pro­tec­tion Au­thor­ity for an in­fringe­ment...
Re­cently, the Pol­ish Data Pro­tec­tion Au­thor­ity (UODO) im­posed a fine of EUR 660,000 (PLN 2,830,410) on Mo­rele.net Sp. z o.o., a com­pany op­er­at­ing in the e-com­merce sec­tor. This is the third fine im­posed...
The Auto­mot­ive In­dustry Re­port 2019/20
The Auto­mot­ive sec­tor has for many years been a driv­ing force of European eco­nom­ic growth. The in­dustry provides dir­ect and in­dir­ect jobs to 13.8 mil­lion Europeans and gen­er­ated a sur­plus of €84.4 bil­lion...
Po­land: New list of op­er­a­tions that re­quire a data pro­tec­tion im­pact as­ses­ment
Re­cently, UODO – the Pol­ish data pro­tec­tion au­thor­ity – an­nounced a mod­i­fied list of the types of per­son­al data pro­cessing op­er­a­tions that re­quire a data pro­tec­tion im­pact as­sess­ment (List)*. What...
Happy Birth­day GDPR in CEE
May 25 marks the first an­niversary of GDPR (the European Uni­on’s Gen­er­al Data Pro­tec­tion Reg­u­la­tion came in­to ef­fect on 2018). GDPR con­tin­ues to have a sig­ni­fic­ant im­pact on how every com­pany col­lects...