Personal Data Protection, GDPR Compliance, Cybersecurity, Crisis Management


Assistance and representation services for: Provision excl. VAT excluding costs and disbursements
Analysis and qualification of IT project, legal design 2200
Drafting of the IT security charter, adaptation of the employment contract 3500
Drafting of privacy charter 1500
Drafting of internet legal notices relating to cookies 2200
Analysis and qualification of a web project 2200
Drafting of a hosting, outsourcing contract 2900
Security assurance plan drafting 3900
Contractual action against the co-contractor 4900
Prosecution / defense in the context of an action relating to the protection of personal data 4900
Complaint before the prosecutor or dean of the investigating judges, computer crimes 1200
Computer disaster assessment coordination 1200
Internal investigation for the purpose of establishing the processing register and collecting documentation (IT and freedoms audit) 6500
Analysis of treatments and operational recommendations 3500
Impact analysis and CNIL support 3500
Writing crisis management procedure 2200
Computer risk insurance policy review 2200


Personal data law, with the Data Protection Act in 1978, then the GDPR in 2016, gives shape to current computer law, readily called digital law, or information technology law.

Computer law concerns the implementation of computer systems, software development, internet and telecommunications infrastructures. With the right to the protection of personal data, the accent is placed on one of the major challenges of computing: individual freedom. From the beginnings of information technology, the French legislator saw in this tool both a formidable development tool and also a mass surveillance tool that could easily interfere with privacy and fundamental freedoms.

The firm works on these themes in particular to support companies in their GDPR compliance, for better protection of personal data, and in IT cybersecurity, in particular to put in place the legal tools useful for crisis management.


The successes of cybergendarmes stimulate us and invite us to consider the lawyer specializing in the law of new technologies, computing and communication.

A specialist lawyer is a lawyer whose specialization is assigned by the National Bar Council according to verified criteria of experience and continuing education, professional responsibility, in line with the requirements and recommendations set by the national authorities in terms of protection. personal data (in France: CNIL) and cybersecurity (ANSSI).

In Paris, there are 68 lawyers in this specialty (directory data October 2021:

A lawyer specializing in new technologies follows in particular the topics of personal data protection law (GDPR regulations), computer security (cybersecurity), both in terms of supporting companies in their compliance approach as victims of data breaches, in their compensatory and penal remedies, in the defense of their reputation.

In compliance support, the lawyer supports the company in the following stages:

– Implementation of the personal data processing register; this step can be carried out online by the legal department, the IT department or the Data Protection Officer (DPD or DPO), or with the support of the law firm which may intervene as part of an additional investigation to verify several aspects of the register;

– Legal analysis of the processing register and the legal and operational context of this processing; the lawyer analyzes the situation as a whole, on the basis of the documentation provided by the company, to qualify the roles and responsibilities in application of the GDPR regulations and CNIL recommendations and to propose the procedures and instruments to be put in place to move towards compliance; this may involve, on a more technical level, monitoring by a certification support agency; as a legal approach, he may propose, for example, the updating of IT and insurance contracts, the security insurance plan, intra-group agreements on the transfer of personal data, the IT charter, the communication charter, the employment contract, the general and sales conditions, the review of the crisis management procedure, the continuation of an impact analysis (data protection impact assessment or "DPIA"), the appointment of a protection delegate personal data;

– On a more technical level, he will also intervene in support of the IT department or the certification agency, to determine or verify the legal framework, ISO standards and ANSSI recommendations applicable to IT security and crisis management measures ( cybersecurity) put in place or to be put in place, since this security requirement contributes to the protection of personal data, and is highly regulated both at the level of European Union law and at national level.