The regulator's perspective to anticipate the risks and defend your interests
Odoné advises and represents French and international companies in complex data-protection and AI matters, by combining technical excellence and pragmatism, from compliance advisory to pre-litigation and litigation.
+20years
7years at the CNIL
30clients
100%
80%
When compliance becomes strategic, the regulator's perspective becomes essential
With over 20 years of experience, Odoné supports leading organisations with rigorous, pragmatic and accessible guidance.
Pre-litigation
Interactions with the CNIL's complaints department, assistance during and after CNIL's inspections, data breach notifications, and management of formal notices.
Litigation
Before the CNIL's Restricted Committee and the French Council of State.
Interactions with the CNIL
Advisory requests, participation in public consultations, and involvement in CNIL-led working groups.
Mock CNIL's inspections
Both on-site and online, including detailed cookie audits.
Assistance with DPO transitions
Helping secure an effective handover between the departing and incoming DPO.
Legal advice
Legal advice on complex data-protection and artificial intelligence matters.
Joanna Masson
Before founding Odoné, Joanna spent seven years in leading international law firms.
She then joined the French Data Protection Authority (CNIL), where she worked within the Compliance Directorate and later in the Sanctions Departmentt.
In this role, she supported major corporations, private-sector organisations and government ministries in their in their GDPR and French data-protection compliance efforts.
Since 2022, Joanna has also been a lecturer in data-protection law at École des Ponts ParisTech.
She holds a dual Master’s degree in French and English law (University of Cambridge and Paris II Panthéon-Assas), a Master’s degree in Industrial Property Law (Paris II), and a Master’s degree in Private Law (Paris I Panthéon-Sorbonne).
“Supporting a client means reconciling legal requirements and operational reality. Our mission: to provide clarity and security in a constantly evolving framework and to translate legal requirements into concrete solutions.”
— Joanna Masson
Emma Hanoun
A lawyer at the Paris Bar for four years, Emma works alongside Joanna.
Emma started her career in the legal department of a large international group, before joining a boutique firm where she managed the IT department as a counsel.
She holds a Master’s degree in Private Law (Paris II Panthéon-Assas), a University Diploma in Technology and Digital Law (Paris II Panthéon-Assas), and a Master’s degree in Multimedia and IT Law (Paris II Panthéon-Assas).
“Compliance is a corporate culture before it is a legal requirement. It is a marker of trust and a factor of credibility.”
— Emma Hanoun
Executives, in-house counsel, DPOs and former CNIL colleagues attest to the firm’s ongoing commitment to excellence, grounded in rigor, proximity and determination.
“I regularly work with Me Joanna Masson on matters involving personal data.
Her support has consistently been effective, marked by professionalism, responsiveness and an ability to adapt to each situation.
Her diverse experience and in-depth knowledge of the applicable regulations enable her to offer a pragmatic and rigorous approach.
Working with her is always a pleasure.”
“Joanna is a well-respected expert in data protection. Her strong subject-matter expertise and understanding of how companies operate enable her to balance legal constraints with business imperatives.”
“A highly competent, responsive and pragmatic lawyer who has supported us on a wide range of strategic projects. Joanna adapts smoothly to all types of stakeholders, and her risk-management approach was appreciated by everyone.”
“I work regularly with Joanna on complex and strategic data matters. She notably assisted us in conducting a mock CNIL inspection, from which we gained valuable insights. Joanna is responsive, dynamic and has an in-depth knowledge of the regulatory framework.”
“I worked with Joanna at the CNIL on several technically complex cases. She has a strong understanding of security requirements and quickly grasps technical issues. She is pragmatic, efficient and shows excellent judgement in her analyses. Working with her is a real pleasure. I recommend Joanna without hesitation!”
“Joanna is a highly skilled professional, with a deep data-protection expertise and working with her is always a pleasure. I was very pleased to have her as a colleague at the CNIL."
“Odoné assisted us both in contributing to a CNIL working group and in negotiating a public contract on complex data-protection matters. The firm combines solid expertise with pragmatic, responsive and close support for our teams.”
“I worked with Joanna for several years at the CNIL, notably on transport and energy matters. She has a deep and precise understanding of data-protection law and combines strategic vision with pragmatic judgement. She is able to assess complex issues rapidly and provide clear, practical advice.”
“Working with Odoné for several years on particularly sensitive data protection issues in the energy sector, we appreciate their responsiveness and pragmatism. Thanks to their detailed understanding of how the regulator works, they regularly assist us in complex situations, especially in the pre-litigation phase.”
“The Odoné firm supported us in our exchanges with the CNIL on complex personal data subjects, specific to the energy sector. Their regulatory expertise and the clarity of their analyses make them a trusted partner on the most sensitive issues.”
Why choose a boutique firm over a large full-service firm?
When it comes to personal data, technical expertise and responsiveness are paramount. Odoné provides bespoke support, grounded in a thorough understanding of legal mechanisms and direct client relationships. This agility enables us to deliver precise, swift and strategic solutions, even on the most complex matters.
How does your experience at the CNIL create added value for your clients?
The seven years Joanna spent at the CNIL provide the firm with in-depth knowledge of the regulator's practices and its approach to enforcement and sanctions. This experience enables us to anticipate the authority's expectations, build robust arguments and develop compliance and defence strategies that are both credible and effective.
How do you intervene during a CNIL's inspection or in pre-litigation matters?
The CNIL is often perceived as a "black box". We provide our clients with the necessary visibility to anticipate the next steps: explaining the investigation process, defining the defense strategy and conducting communications with the authority. Our objective is to secure the client's position, mitigate financial and reputational risks and, where possible, re-establish constructive dialogue with the CNIL.
Do you support DPO transitions?
Yes. We assist during DPO transitions to ensure a smooth and structured handover. This includes mapping the outgoing DPO's activities, describing ongoing projects and identifying key points of attention to facilitate the incoming DPO's onboarding.
Do you carry out mock CNIL inspections?
Yes. We perform “mock audits” to prepare clients for the CNIL’s methods and expectations. These simulations raise team awareness on how to act during an inspection, assess compliance levels on specific topics, and identify priority areas for improvement. We also conduct online audits, notably regarding cookie and tracker compliance, to detect potential non-compliance issues.
Do you also provide support on artificial intelligence compliance matters?
Yes. We assist companies with the implementation of the AI Act. Our approach is to anticipate governance obligations, assess risks, and document compliance, integrating these new requirements into existing compliance frameworks.
Do you take on external DPO roles?
No. The firm does not act as an outsourced DPO, as this role requires day-to-day operational involvement that falls outside our scope. We support internal or outsourced DPOs on sensitive matters, complex issues, or CNIL inspections.
Do you represent individuals, for example, in the context of a complaint before the CNIL?
No. The firm exclusively acts for companies in relation to their interactions with the CNIL or compliance and data protection matters. Our practice focuses on supporting professional actors — from strategic advice to litigation — to secure their operations and positions vis-à-vis the regulator.
Why has compliance become a strategic issue for businesses?
Because it is now a trust factor and a marker of credibility. A company that controls its data processing strengthens its legal certainty, protects its reputation and gains legitimacy with its clients and partners.
How do you reconcile technical excellence and accessibility for your customers?
The firm’s strength lies in a simple and direct relationship with clients, based on trust and engagement at every stage. Technical excellence only has value if it remains understandable and actionable — our role is to deliver precise, practical, and immediately implementable solutions.
What are the deadlines and procedures for your intervention?
We place great importance on responsiveness and transparency. The timing and fees for our engagement are always agreed upon in advance, based on the mission’s complexity and duration.