Protection des données


Personal data and privacy

Processing projects (CRM, HRM, call centers, monitoring tools, marketing campaigns, ethics lines – whistleblowing, web sites and online data collection tools, access control via biometrics etc)
Registration and prior authorization applications before authorities (CNIL and counterparts in other countries)
Draft of mandatory notices
Support in handling access requests
Solutions for the transfer of data outside of the European Community
Company policies for the use of IT resources
Outsourcing agreements
Support during investigations and sanctions proceedings carried out by authorities (CNIL and counterparts in other countries)
Security policies and crisis management in case of data losses
Privacy policies
Sensitization and training programmes

Breaking News:

Consequences of Brexit on data protection

Regime of data transfers to the United Kingdom

As part of the Trade and Cooperation Agreement concluded on 24 December 2020, the United Kingdom and the European Union have agreed that the General Data Protection Regulation (GDPR) will continue to apply in the United Kingdom on a transitional basis......

A record-€50 millions fine for GOOGLE by the CNIL – The French Privacy Protection Authority

On January 21st, the CNIL sanctioned Google with a €50 million fine pursuant to the GDPR for lack of transparency, default of user’s information and a lack of valid consent during processing of personal data for personalized advertising purposes.

This sanction follows class-action-like collective......

Transposition of the new GDPR provisions – Publication of Decree n° 2018-687

Following the adoption of GDPR, France started to transpose this new European regulatory framework regarding data protection within its legal system. France thus made a first step in this process, as Parliament adopted the Law n° 2018-493 which modifies the Law of 1978 regarding personal data.


Sapin II law: What are the new obligations for companies?

The law n°2016-1691of 9 December 2016 targeting transparency, anti-bribery and the modernization of the economic life, known as "Loi Sapin II" imposes new requirements for some companies and notably:

1.         for companies having at least 50......

ECHR sets out the circumstances under which employees messages can be monitored

In its decision dated 5 September 2017, the Grand Chamber of the European Court of Human Rights (ECHR) sets out the circumstances under which employers can monitor their employees’ personal electronic communications at their workplace. It also states under which circumstances employers can use the......

The French Supreme Court dispels any doubt: an IP address is personal data

In its decision dated 3 November 2016, the French Supreme court brings to an end many years of uncertainty by explicitly acknowledging the status of personal data of an IP address.

The question relating to the IP address status has long been subject to debate within French judicial authorities......

Privacy Shield: promises of a better protection of personal data

Since the Court of Justice of the European Union declared on October 6, 2015 that the "Safe Harbor" was invalid, a new framework for transatlantic data flows has been expected in order to facilitate the transfer of personal data to the United States.

After several months of negotiation......