Data Privacy

The Data Privacy team assists clients to ensure the compliance of their business, operations, products and services with the EU General Data Protection Regulation (GDPR), to provide business-oriented and legal advice adapted to each case and ensure that their teams act responsibly regarding data privacy and managing IT tools.

Our lawyers have more than 20 years of experience in data privacy, as well as in telecommunications, new technologies and cybercrime.

They support clients at all stages of their organisation’s compliance process and help them implement large-scale international projects, by providing them with practical, pragmatic solutions tailored to their situation. They also assist Alerion’s clients in case of audits, investigations and sanction proceedings initiated by national authorities.

In order to help clients understand and manage this complex regulatory environment, as well as local specificities, our team provides tailor-made training and awareness-raising sessions for all company levels: from management to operational teams.

International Projects:
  • Assistance in implementing international compliance projects, coordination with foreign lawyers to comply with local requirements and specificities, legal framework of data transfers outside the European Union (drafting of binding corporate rules, privacy shield), etc.
Ensuring Compliance:
  • Audits, mapping of personal data processing and related risk analysis (data protection impact assessment), processing records, approval of internal process (customer/prospect relationship management, methodology for canvassing campaigns and emailing, compliance with retention periods, rights management and security breaches), etc.
Contractual Relationship:
  • Analysis of existing contracts with clients and partners, analysis and structuring of co-responsibility cases (joint responsibility) and subcontracting cases with data processor, analysis and drafting contracts for data transfers, etc.
Human Resources:
  • Drafting and compliance of employment contracts, drafting privacy policies, structuring relationship with the staff representative bodies pertaining to the transfer of personal data, etc.
Websites:
  • Website compliance (legal notices, contact forms), drafting privacy policies and cookies management policies, validation of the “user experience”, etc.
Device Security:
  • Drafting and implementing IT policies, archiving rules, implementing retention periods indicators, procedures and assistance in case of security breaches, fight against cybercrime, etc.
Training, awareness-raising and legal monitoring:
  • Training, awareness-raising and assistance to employees, support for DPOs (“Data Policy Officers”) in their functions and for special assignments involving external DPOs, interpretation and implementation of new French, European and international regulations.
  • In France, compliance of all processing operations of an international communications and marketing group (human resources aspects, marketing, relationship with business partners, relationship with international subsidiaries, etc.);
  • Assistance to the HR department of a French company in drafting employment contracts and the privacy policy for employees and other contractors;
  • Assistance to a continuing education organization (OPCA) in supervising the transfer of its employees’ personal data to the staff representative bodies;
  • Assistance to a French company in ensuring the compliance of its activities on the market of marketing solutions and CRM systems;
  • Support to a Data Protection Officer in documenting the data retention period in accordance with processing and final purposes.