Data Protection

The Data Protection team provides practical advice tailored to the client’s situation to be sure that their business and products comply with General Data Protection Regulations (GDPR), and that their teams act responsibly regarding protecting personal data and managing IT tools.

Our lawyers have more than 20 years of experience in the area of data protection, in addition to extensive knowledge of telecommunications, technology and cybercrime.

They support clients at all stages of ensuring the compliance of their organisation and in implementing large-scale international projects, by providing them with practical, pragmatic solutions that are tailored to their situation. They will also assist clients in the event of an investigation and in investigations initiated by national authorities.

In order to help clients understand and manage this complex regulatory environment, as well as local specificities, our team provides training and awareness at all levels of the company: from management to operations teams.

International Projects:
  • Support in putting in place international compliance projects, coordination with foreign lawyers to comply with local requirements, supervision of data transfers outside the European Union (drafting of binding corporate rules, privacy shield), etc.
Ensuring Compliance:
  • Audits, mapping of personal data processing and related risk analysis (impact assessment), processing logbook, approval of internal procedures (customer/prospect relationship management, methodology for prospecting and emailing campaigns, compliance with storage periods, rights and security breach management), etc.
Contractual Relationships:
  • Analysis of existing contracts with clients and corporate partners, analysis and putting in place a framework for co-responsibility (joint responsibility) and subcontracting situations, analysis and putting in place contracts for data transfers, etc.
Human Resources:
  • Drafting and compliance of employment contracts, drafting of general employee data protection policies, supervising relations with employee representative bodies about the transfer of personal data, etc.
Websites:
  • Website compliance (legal notices, contact forms), drafting of data protection and cookie management policies, validation of the “user experience”, etc.
Device Security:
  • Drafting and putting in place IT charters, filing rules, setting up storage time benchmarks, procedures and assistance in the event of security breaches, fighting against cybercrime, etc.
Training, awareness and legislative monitoring:
  • Training, awareness-raising and providing assistance to employees and support for internal DPOs (“Data Policy Officers”) in their functions and for specific assignments involving external DPOs, as well as interpreting and implementing new French, European and international regulations.
  • In France, compliance of all processing operations of an international communications and marketing group (human resources aspects, marketing, relationships with business partners, relationships with international subsidiaries, etc.);
  • Assistance to the HR department of a French company in drafting employment contracts and the data protection policy for employees and other employees;
  • Assistance to a continuing education organization (OPCA) in supervising the transfer of its employees’ personal data to an IRP database;
  • Assistance to a French company in ensuring the compliance of its activities in the area of marketing solutions and CRM systems;
  • Support to a Data Protection Officer in documenting the data storage period in accordance with processing and final purposes.