Protection of personal data
Assistance with GDPR compliance, cybersecurity, crisis management
IT law covers system security, which supports the secure and proper use of IT tools, and personal data law, with the Data Protection Act in 1978, then the GDPR in 2016, which protects people against excessive recording of their data by organizations. Cybersecurity laws strengthen the means and sanctions available to repress computer intrusions.
The IT Lawyer assists you:
- in contractual remedies and the management of criminal proceedings following a computer attack,
- in the drafting of your IT contracts,
- in the drafting of internal procedures related to the use of IT tools,
- in the audit of contracts related to the implementation of the IT system and the data processed, with a view to ensuring compliance with personal data protection and IT security standards.
With the law on the protection of personal data, the emphasis is placed on one of the major challenges of information technology: individual freedom. From the very beginning of information technology, the French legislator has seen this tool as both a formidable development tool and a tool for mass surveillance that easily infringes on privacy and fundamental freedoms.
The firm works on these themes in particular to support companies in their GDPR compliance, for better protection of personal data, and in cybersecurity, in particular to put in place the legal tools useful for crisis management and in criminal proceedings.
A specialist lawyer is a lawyer whose specialisation is awarded by the Conseil National des Barreaux on the basis of verified criteria of experience, continuous training and professional responsibility, in line with the requirements and recommendations laid down by the national authorities in the field of personal data protection (in France: the CNIL) and cybersecurity (the ANSSI).
In Paris, there are 68 lawyers in this specialty (directory data, October 2021: https://www.avocatparis.org/annuaire).
A lawyer specialised in new technologies follows in particular personal data protection law (the GDPR) and computer security (cybersecurity), supporting both companies in their compliance process and victims of data breaches in their compensation and criminal remedies and in the defence of their reputation.
The lawyer supports the company in the following steps in the compliance process:
- Setting up the register of personal data processing; this step can be carried out online by the legal department, the IT department or the Data Protection Officer (DPO), or with the support of the law firm, which can intervene as part of a complementary investigation in order to verify several aspects of the register;
- Legal analysis of the processing register and the legal and operational context of this processing; the lawyer analyses the situation in its entirety, on the basis of the documentation provided by the company, to qualify the roles and responsibilities under the GDPR and the CNIL recommendations and to propose the steps and instruments to be put in place in order to move towards compliance; on a more technical level, this may involve monitoring by a certification support agency. On the legal side, the lawyer may propose, for example, updating IT and insurance contracts, the security assurance plan, intra-group agreements on the transfer of personal data, the IT charter, the communication charter, the model employment contract, the general terms and conditions of sale, the review of the crisis management procedure, the pursuit of a data protection impact assessment (DPIA), and the appointment of a personal data protection officer;
- On a more technical level, the lawyer also supports the IT department or the certification agency in determining or verifying the legal framework, ISO standards and ANSSI recommendations applicable to the IT security and crisis management (cybersecurity) measures implemented or to be implemented, since this security requirement is part of the protection of personal data and is highly regulated at both European Union and national level.
| Assistance and representation services for: | Provision excl. VAT, excluding costs and disbursements |
|---|---|
| Analysis and qualification of IT project, legal design | 2200 |
| Drafting of the IT security charter, adaptation of the employment contract | 3500 |
| Drafting of privacy charter | 1500 |
| Drafting of internet legal notices relating to cookies | 2200 |
| Analysis and qualification of a web project | 2200 |
| Drafting of a hosting contract, facilities management | 2900 |
| Drafting of security assurance plans | 3900 |
| Contractual action against the co-contractor | 4900 |
| Lawsuit/defence in the context of an appeal relating to the protection of personal data | 4900 |
| Complaint to the public prosecutor or senior investigating judge, computer crimes | 1200 |
| Coordination of computer damage adjustment | 1200 |
| Internal survey for the purpose of establishing the register of processing operations and collecting documentation (IT audit) | 6500 |
| Analysis of processing operations and operational recommendations | 3500 |
| Impact analysis and CNIL support | 3500 |
| Writing crisis management procedure | 2200 |
| IT risk insurance policy review | 2200 |