The entry into application of the EU Data Act on 12 September 2025 marks one of the most significant developments in European data regulation since the adoption of the General Data Protection Regulation (GDPR). While the GDPR established a comprehensive framework for the protection of personal data, the Data Act introduces a new legal regime designed to improve access to and use of data generated by connected products and related digital services.
An unauthorized transaction is a financial transaction made without the consent of the account or cardholder, for example, as a result of data theft. In such a situation, the bank is obligated to return the funds unless it can prove the customer’s intentional act or gross negligence.
Currently, there is a noticeable increase in unauthorized transactions. This causes payers and banks to lose nearly a billion złoty annually. The Polish Financial Ombudsman is noticing a growing number of requests for intervention regarding unauthorized payment transactions. In the first half of 2020 alone, it received 416 requests. This is more than in all of 2018, when there were 367. In 2019, there were 612 requests, an increase of almost 60%. It is worth noting that in the first half of 2020, requests regarding unauthorized transactions accounted for 80% of all requests related to violations of the Payment Services Act.
According to an analysis by lawyers from KG LEGAL KIELTYKA GLADKOWSKI, legal concepts such as incident and cyberattack are key elements in the EU cybersecurity and data protection law ecosystem. The fragmentation of cybersecurity law into various sectoral legal acts necessitates a comprehensive analysis of the coherence of all the legal acts comprising this ecosystem. This article demonstrates that the legal layer of cybersecurity in an incident is a highly sensitive issue from the perspective of the responsibility to protect, and therefore, responsible entities should examine the differences in the legal scope of application of individual acts. These concepts are intuitively understood but in legal practice are only superficially identical and lead to different regulatory obligations. The following summary is original and creative and can be used by entities to properly analyze their obligations under current EU law.
On 10 June 2021 KIELTYKA GLADKOWSKI will participate in the training “Digital transformation of the law firm” organised by The New Technologies Committee of the Polish Bar. The training will discuss new technologies used in legal services, technologies as a factor in changing the model of legal services, the application of artificial intelligence in legal tech as well as practical implementation of technologies in law firms.
KIELTYKA GLADKOWSKI has broad experience in legal tech sector, including technologies in document analysis, data set analysis, AI in analyses of case law and legal doctrine, Document Creation Automation, Process Automation, Data Security and Risk Analysis, cybersecurity, compliance, data, document and collaboration platforms, Online Dispute Resolution, Smart contracts, custom legal tech tool development, debt collection and document management.
