GDPR & CNIL’s requirements: general compliance
Audit, mapping of personal data processing, identification of potential breaches of data protection regulations and implementation of a strategic compliance plan;
Review and update of internal procedures: methodology for e-mailing marketing campaigns, definition and implementation of data retention periods, management of individual rights, implementation of adequate security measures, etc.;
Legal advice and occasional or regular support on issues related to the protection of personal data.
GDPR & ePrivacy: website and mobile apps compliance
Review or drafting of privacy policies and contact forms;
Review or drafting of cookie banners;
Review or drafting of the check boxes aimed at obtaining consent for commercial solicitations.
GDPR & Due diligence
In the context of M&A transactions, audit of the personal data processing implemented by the target company or the seller to assess the seriousness of the risk and the probability of its occurrence and advise on how to regularize potential points of non-compliance. Deliverables format is adapted to the client’s needs (full audit report, executive summary, red flag, update conf-calls and progress bulletins). Drafting language can be French or English.
Audit of contractual relationships from the point of view of personal data
Analysis of contractual relationships with partners or customers to determine the roles and responsibilities of each party in terms of personal data;
Review of agreements entered with data processors to ensure the presence of the mandatory provisions required by the GDPR.
GDPR - CNIL - Training
Delivering training on personal data protection issues and on concrete methods to comply with the applicable rules.