This site uses cookies, so that our service can work better. Learn more I understand
dr Michał Mostowik
Warsaw Office
Ogrodowa City Gate
ul. Ogrodowa 58
00-876 Warsaw
tel. +48 22 652 26 18

Cracow Office
ul. Królowej Jadwigi 237
30-218 Cracow
tel. +48 12 410 07 47
Dr Michał Mostowik is a lawyer and graduate of Jagiellonian University in Krakow, he defended a doctoral dissertation on personal data protection in the Internet of things under EU law. He completed the „Certificate in American Law” programme at UC Berkeley (Boalt Law School). Michał is also a graduate of the School of German Law held by Jagiellonian University in cooperation with universities of Heidelberg and Mainz.
Representative at the Special Task Force for Financial Innovation in Poland (FinTech) coordinated by the Polish Financial Supervision Authority and participant of the “Blochchain and cryptocurrencies” working group as part of the “Cashless Poland, Paperless Poland” initiative of the Polish Ministry of Digitalisation. He represented a financial institutions’ organization in legislative procedure (including law-making process of the new framework of sectorial data protection rules). He is a member of the Polish European Law Association (Polskie Stowarzyszenie Prawa Europejskiego).
Michał focuses on banking law, regulations of financial technologies, data privacy law and EU law. He has a long-standing experience in advising banks, financial institutions and technology companies. He is an author of several articles and other publications on banking law and financial technologies. Michał was an academic teacher at Jagiellonian University, and he is a highly valued speaker at various conferences and seminars.

He advises in Polish (native) and English languages, he also speaks German.
  1. „Artificial Intelligence, Internet of Things - discussion of enthusiasts and sceptics” - Oxford debate at the conference "Internet of Things - Future of Poland", Ministry of Digitalisation, Warsaw, July 2019.
  2. „Act on Payment Services after the implementation of PSD II” - an internal training for the supervisory authority, Warsaw, May 2018.
  3. „GDPR in a month – last check”, Payment Meeting, Warsaw, April 2018.
  4. „GDPR4FIN: dLK class for Fintech professionals”, Warsaw, April 2018.
  5. „Implementation of PSD II (main changes)”, co-lecturer at the series of workshops for the supervisory authority, Warsaw, March-April 2018.
  6. „New PSD2 and GDPR ", Dyrektywa PSD2: Open Banking po polsku, Puls Biznesu, Warsaw, March 2018.
  7. „General Data Protection Regulation (RODO – GDPR)” workshop for the National Association of Cooperative Banks, Warsaw, February 2018.
  8. „General Data Protection Regulation (GDPR)”, internal workshop for a company active in payment industry, February 2018.
  9. „The scope of application of GDPR and national law in financial industry”, The financial sector facing the challenges of GDPR - experience in the market so far, proposed solutions, MM Conferences S.A., Warsaw, December 2017.
  10. „The PSD2 interface”, PSD-2-GO, dLK class for FinTech professionals, Warsaw, December 2017.
  11. „Processing of personal data by insurance intermediaries in the light of new regulations”, Dystrybucja ubezpieczeń po implementacji IDD, MM Conferences S.A., Warsaw, June 2017
  12. „Financial sector’s information security in the light of current economic and technological changes”, Ogólnopolska konferencja: UE wobec wyzwań ekonomii przyszłości, KN Prawa Unii Europejskiej TBSP UJ, Cracow, May 2017
  13. "Fintech trends and Applications" (panel discussion), Money 20/20 Roadshow, Budapeszt, April 2017 r.
  14. „Processing of personal data by financial institutions in the light of PSD2”, Bezpieczeństwo danych Klienta w Instytucjach Finansowych w świetle nowych regulacji, MM Conferences S.A., Warsaw, March 2017
  15. "Will Financial Services as We Know Them Survive in the Upcoming Decades?", panel discussion, Phoenix 2016 FinTech Conference for CEE, European Business Conferences Group, Prague, June 2016 r.
  16. „Incident notification – possibility of data breach”,  Nowe ramy prawne ochrony danych osobowych – obowiązki i wyzwania dla przedsiębiorców, MM Conferences S.A., Warsaw, June 2016.
  17. "Cybercrime and Liability", Workshop Cyber Risks in Inland Navigation, IVR Congress, Cracow, May 2016.
  18. "Bank secrecy and personal data protection  in outsourcing", Outsourcing bankowy – organizacja, zarządzanie i kontrola czynności powierzonych, MM Conferences S.A., Warszawa, April 2016.
  19. „IT incidents in banking”, XXVIII Forum Bankowości Elektronicznej: Bezpieczeństwo Finansowe w Bankowości Elektronicznej, CPI, Warszawa, February 2016.
  20. „Application of European rules for the transfer and protection of personal data”, Problematyka przetwarzania i ochrony danych osobowych w instytucjach finansowych, MM Conferences S.A., Warsaw, December 2015.
  21. „Legal and practical approach to the authorization of internet and mobile payments”, Bezpieczeństwo płatności elektronicznych w świetle najnowszych zmian prawnych, MM Conferences S.A., Warsaw, November 2015.
  22. „Remember or forget? Boundaries of privacy protection on the Internet”, konferencja naukowa Inteligentna i zrównoważona gospodarka sprzyjająca włączeniu społecznemu – wyzwania dla systemów prawnych Unii Europejskiej i państw członkowskich, Gródek n/Dunajcem, June 2015.
  23. "Cross-border aspects of alternative investment fund managers’ (“AIFM”) activities", Dyrektywa ZAFI - implementacja przepisów i istniejące problemy, MM Conferences S.A., Warsaw, March 2015 r.
  24. "Banking without banks? – vision of European regulation on banking services market", III Polski Kongres Regulacji Rynków Finansowych FinReg2014, Instytut Allerhanda, Warsaw, October 2014 r.
  25. „Security of sashless transactions – practical application of law, perspectives of evolution”, Sympozjum Transakcji Bezgotówkowych, Puls Biznesu, Warsaw, May 2014.
  26. „Withdrawal from the agreement in the light of consumer directive”, Nowa ustawa o prawach konsumenta, nowe obowiązki dla przedsiębiorców, mmconferences, Warsaw, March 2014.
  27. „Clients’ data protection in inteligent energy networks”, Prawo konsumenckie w branży energetycznej – najnowsze zmiany i istniejące problemy, MM Conferences S.A., Warsaw, October 2013.
  28. „The notice and takedown procedure in Polish law – the necessity to amend”, Ogólnopolska Interdyscyplinarna Konferencja Naukowa Paragraf w sieci, Toruń, March 2013.
  29. „A Summary of the Draft Regulation on Data Protection in the EU”, Unijne podsumowanie roku 2012 – The EU Summary of the Year 2012, Cracow, March 2013.
  30. „Do we need e-passport and biometrical databases?” Bezpieczeństwo technologii biometrycznych. Ochrona danych biometrycznych, UKSW oraz Naukowe Centrum Prawno Informatyczne, Warsaw, December 2011.
  1. „Utilisation of account information under the PSD2 and the GDPR” (co-author), Monitor Prawa Bankowego 2018, no. 5 (90).
  2. "Legal protection of payment account information in light of account information services", Monitor Prawa Bankowego 2017, 7-8 (80-81).
  3. „System of the Merchant Protection under EU Interchange Fee Regulation”, Monitor Prawa Bankowego 2017, no 6 (79).
  4. „Polish Law Review in the Context of Application of Distributed Ledger Technology and Digital Currencies” (co-author), K. Zacharzewski, K. Piech [red.], Ministerstwo Cyfryzacji, Warsaw 2017.
  5. „The Code of Good Practice for Cryptocurrency Market Players in Poland” (co-author), K. Zacharzewski, K. Piech, L. Wilczyński [red.], Ministerstwo Cyfryzacji, Warsaw 2017.
  6. „Banking without banks? – EU vision of regulationg banking services”, Polityka i praktyka regulacji rynków finansowych, [red.] W. Rogowski, Oficyna Allerhanda, Cracow-Warsaw, 2015.
  7. “Jungle of designs - modern recognition of the design right on the example of unregistered community design, „Prawo własności intelektualnej – wyzwania współczesności”, AT Wydawnictwo, Cracow 2012.