Protection of personal data

Assistance with GDPR compliance, cybersecurity, crisis management


IT law covers the themes of system security, to support an objective of security and proper use of IT tools, and personal data law, with the Data Protection Act in 1978, then the GDPR in 2016, which protects people against immoderate registration by organizations. Cybersecurity laws strengthen the means and sanctions to repress computer intrusions.

The IT Lawyer assists you:

  • in contractual remedies and the management of criminal proceedings following a computer attack,
  • in the drafting of your IT contracts,
  • in the drafting of internal procedures related to the use of IT tools,
  • in the audit of contracts related to the implementation of the IT system and the data processed, with a view to ensuring compliance with personal data protection and IT security standards,

With the law on the protection of personal data, the emphasis is placed on one of the major challenges of information technology: individual freedom. From the very beginning of information technology, the French legislator has seen this tool as both a formidable development tool and a tool for mass surveillance that easily infringes on privacy and fundamental freedoms.

The firm works on these themes in particular to support companies in their GDPR compliance, for better protection of personal data, and in IT cybersecurity, in particular in order to put in place the legal tools useful for crisis management, and in criminal proceedings.


The successes of cybergendarmes stimulate us and invite us to take a look at the lawyer specialised in new technologies, computer and communication law.

A specialist lawyer is a lawyer whose specialisation is awarded by the Conseil National des Barreaux on the basis of verified criteria of experience and continuous training, professional responsibility, in line with the requirements and recommendations laid down by the national authorities in the field of personal data protection (in France: the CNIL) and cybersecurity (the ANSSI)

In Paris, there are 68 lawyers in this specialty (directory data October 2021:

A lawyer specialised in new technologies follows in particular the themes of personal data protection law (RGPD regulation - "GDPR" in English), computer security (cybersecurity), both in terms of accompanying companies in their compliance process and victims of data breaches, in their indemnity and penal recourses, in the defence of their reputation.

The lawyer supports the company in the following steps in the compliance process:

- Setting up the register of personal data processing; this step can be carried out online by the legal department, the IT department or the Data Protection Officer (DPO), or with the support of the law firm, which can intervene as part of a complementary investigation in order to verify several aspects of the register;

- Legal analysis of the processing register and the legal and operational context of this processing; the lawyer analyses the situation in its entirety, on the basis of the documentation provided by the company, to qualify the roles and responsibilities in application of the RGPD regulation and the CNIL recommendations and to propose the steps and instruments to be put in place in order to move towards compliance; this may involve, on a more technical level, the monitoring by a certification support agency; As a legal approach, it may propose, for example, updating IT and insurance contracts, the security insurance plan, intra-group agreements on the transfer of personal data, the IT charter, the communication charter, the model employment contract, the general terms and conditions of sale, the review of the crisis management procedure, the continuation of a data protection impact assessment (DPIA), and the appointment of a personal data protection officer;

- On a more technical level, it will also support the IT department or the certification agency in determining or verifying the legal framework, ISO standards and ANSSI recommendations applicable to the IT security and crisis management (cybersecurity) measures implemented or to be implemented, since this security requirement is part of the protection of personal data, and is highly regulated both at European Union and national level.



Assistance and representation services for : Provision excl. VAT excluding costs and disbursements
Analysis and qualification of IT project, legal design 2200
Drafting of the IT security charter, adaptation of the employment contract 3500
Drafting of privacy charter 1500
Drafting of internet legal notices relating to cookies 2200
Analysis and qualification of a web project 2200
Drafting of a hosting contract, facilities management 2900
Drafting of safety assurance plans 3900
Contractual action against the co-contractor 4900
Lawsuit/defence in the context of an appeal relating to the protection of personal data 4900
Complaint to the public prosecutor or senior investigating judge, computer crimes 1200
Coordination of computer damage adjustment 1200
Internal survey for the purpose of establishing the register of processing operations and collecting documentation (IT audit) 6500
Analysis of treatments and operational recommendations 3500
Impact analysis and CNIL support 3500
Writing crisis management procedure 2200
IT risk insurance policy review 2200