Legal skills

Personal data law & GDPR

Derriennic Associates, buoyed by over thirty years of experience, has developed significant involvement and expertise in terms of personal data protection. It began to focus at a very early stage on the questions and difficulties that the regulatory framework throws up. Since 2016, the office has been supporting more and more private and public players as they seek to achieve GDPR compliance. In that context, the office quickly put in place a dedicated “GDPR” team. This team was further expanded in 2018 thanks to the arrival of some new members, including a former jurist with the French National Commission for Data Protection and Liberties or “CNIL”. Because they also have a solid grounding in the world of business, the office’s lawyers fit in easily with their clients when they are assigned to an in-depth GDPR matter. The office has nurtured some very strong partnerships with experts in security and IT systems and data analysis, which equips our lawyers to offer clients a full service, marrying legal skills with technical know-how. The office offers a very diverse palette of services, which can be rolled out at every level in the process of achieving GDPR compliance:
  • risk and processing mapping,
  • compliance audit,
  • definition and deployment of governance rules,
  • creation of internal compliance procedures (exercise of rights, notification of data breaches, etc.),
  • privacy impact assessment (PIA),
  • regularisation of service contracts,
  • management of cross-border traffic,
  • retention and deletion policy,
  • etc.
The office has equally developed a Data Protection Officer (DPO) service for businesses wishing to outsource this function. The DPO is the compliance “mastermind” when it comes to protecting personal data within an organisational structure. Its wide range of tasks includes:
  • notifying and advising the data controller (or the subcontractor);
  • checking compliance with the regulation (GDPR) and national law (in France, this is the “Loi Informatique et Libertés” or Data Protection Act) in terms of the protection of personal data;
  • advising the organisation on the completion of a data protection impact analysis and checking its implementation;
  • cooperating with the supervisory body (in France, the CNIL) and acting as its point of contact.
The DPO’s remit covers all the processing operations conducted by the body which has appointed it. The office, which includes a dedicated data protection team, carries out these DPO tasks on behalf of its clients. This means that depending on the client’s needs, the services offered by the office are very diverse and can be integrated at every level of the process of achieving GDPR compliance.
Team : Alexandre FIEVEE, François-Pierre LANI, Bruno DUCOULOMBIER, Georges JENSELME, Géraldine PACAUT, Alice ROBERT, Sophie DUPERRAY,