Contract Legal Counsel – GDPR Compliance Project

Contract Legal Counsel – GDPR Compliance Project at CMS Poland (Wrocław)

CMS Poland's Wrocław office, located in the Silver Tower on ul. Powstańców Śląskich in the centre of Wrocław, is seeking a Contract Legal Counsel for a major GDPR compliance project. Wrocław's thriving technology sector — home to companies like Nokia, Credit Suisse, and numerous startups in the Wrocław Technology Park — generates significant demand for data protection expertise.

About the Role

This is a fixed-term (12-month) senior advisory role focused on delivering a comprehensive GDPR compliance programme for a major technology client. You will lead the project from gap analysis through implementation, covering all aspects of RODO (GDPR) and the Ustawa o ochronie danych osobowych. The project involves mapping data processing activities (rejestr czynności przetwarzania under Art. 30 RODO), reviewing and updating data processing agreements, conducting DPIAs, and establishing data breach response procedures.

You will also advise on cross-border data transfers in light of the Schrems II decision and current adequacy frameworks, implement privacy-by-design principles under Art. 25 RODO, and train the client's teams on data protection obligations. This role is ideal for an experienced data protection lawyer seeking a project-based engagement with potential to convert to permanent.

• Lead a comprehensive GDPR compliance project for a major technology client
• Conduct gap analysis of current data protection practices against RODO requirements
• Map data processing activities and establish Records of Processing Activities (Art. 30 RODO)
• Review and negotiate data processing agreements with controllers and processors
• Conduct Data Protection Impact Assessments for high-risk processing operations
• Advise on international data transfer mechanisms (SCCs, adequacy decisions)
• Design and deliver data protection training for the client's workforce

• Qualified adwokat or radca prawny with 3-5 years of experience in data protection law
• Expert knowledge of RODO/GDPR and the Ustawa o ochronie danych osobowych
• Demonstrated experience delivering GDPR compliance programmes or audits
• Experience with DPIAs, data mapping, and Records of Processing Activities (RoPA)
• Familiarity with UODO enforcement practice and guidance
• Fluent Polish and English; CIPP/E or equivalent certification preferred
• Available for a 12-month engagement with possibility of extension