Data privacy and data protection in France

August Debouzy

August Debouzy has an established presence in the market, largely due to the presence of practice head Florence Chafiol, who has led the team since 2004 and impresses with her long track record of data protection audit matters and litigation. Crisis management, particularly in crises caused by cybersecurity breaches or data leaks, are another area of strength. The caseload attests to the group's longstanding experience in cross-border work, which account for the majority of instructions, partly because of the team's international client list which includes a strong raft of French companies operating globally alongside major players from outside of France. In July 2019, the firm hired a chief digital officer to bolster its technological services for the benefit of its clients.

Practice head(s):

Florence Chafiol


The data privacy department managed by Florence Chafiol is exceptional: it has a wide range of competences that allows them to fully understand all the ins and outs of our difficulties, needs, preoccupations. Each time, they are able to provide an opinion that answers all our questions, leaving nothing answered (as others regularly do). They are inventive and capable of mobilising other forces in the law firm when needed.

The firm has a very good IT law practice, which makes them a great go-to firm for privacy matters. They have an excellent track record of seconding their lawyers on long-term assignments to in-house departments which allows for building great client relationships and for pragmatic counsel that understand in-house challenges and ways of working.

Florence Chafiol is to put it simply the expert in data & privacy in France. Her experience is vast and yet she handles everything with a calm focus that is very comforting for clients.

Florence Chafiol is outstanding. Her experience, her acumen and her profound knowledge are exceptional: never have we been disappointed in an opinion she gave.

Key clients





JC Decaux




Philip Morris France

Veolia Environnement

Work highlights

  • Advised Microsoft France and Microsoft Corporation on a wide range of data protection matters, including on negotiations for data protection agreements compliant with article 28 GDPR, the client’s GDPR audit programme, connection information requests filed by French authorities and representation in disputes.
  • Assisted Accor with IT law and data protection matters, including data protection compliance concerning digital projects and data protection issues.
  • Reviewed and negotiated several IT contracts for Veolia Environnement and other companies of the Veolia group, requiring expertise in GDPR law, advice on the right of access and the identification of data protection stakeholders.

Baker McKenzie

Baker McKenzie is particularly well versed in cross-border work, both in contentious matters, such as the representation of clients in international disputes involving multiple data protection authorities, and in advisory matters, including advising on multi-jurisdictional compliance surveys and studies for data privacy, e-commerce and other internet projects. The team, which is led by Rémy Bricard and Laurent Szuskin, is also increasingly active in cybercrime cases in which it assists with the conduct of investigations regarding fraud and data breaches and represents clients in related civil and criminal law remedies. Anti-corruption and anti-money laundering measures related to data processing is another area of strength. Led by Yann Padova, the group co-launched a GDPR offering in May 2018 together with specialist communication consultants Havas Legal & Litigation. Additionally, the practice offers the 'GDPR Survey', a tool used for tracking compliance processes in organisations created by the firm in collaboration with BearingPoint. Magalie Dansac Le Clerc oversees work relating to the survey tool.

Practice head(s):

Rémy Bricard; Laurent Szuskin

Bird & Bird

Bird & Bird impresses with its strong international data protection practice. Global compliance matters account for a significant part of the workload, with matters including cross-border data transfers, binding corporate rules and cloud computing. In combination with the group's strength in highly regulated sectors, including financial services, insurance and healthcare, the firm's wide geographical range ensures it is a popular choice in the data protection market. Other areas of strength are big data and open data matters as well as data risk work for insurance companies in the context of insurance coverage issues and corresponding claims. Ariane Mole and Merav Griguer are the practice heads.

Practice head(s):

Ariane Mole; Merav Griguer


Bird & Bird is a unique firm because of its advice and analyses that fit well in a corporate environment and go straight to the point. The advisers also bring their ability to foresee potential problems to the table. The strengths and key skills of the team are the ability to listen, the quick understanding, the tangible results that are always delivered on time and advice that goes beyond what the client has asked.

Key clients

Carlson Wagonlit Travel

City of Nice

EU DisinfoLab


Fnac Darty



Orange Bank

Syndic Avenir

Work highlights

  • Advised Carlson Wagonlit on the assessment and adjustment of its international GDPR compliance programme, including a review of the existing compliance programme and its documentation and liaising with the client’s global data protection officer, corporate audit team and global compliance team.
  • Assisted the city of Nice with the implementation of facial recognition technology on a public highway, including the conduct of a data privacy impact assessment, liaising with the local municipal police to ensure data protection and cybersecurity compliance, conducting impact studies and obtaining the necessary authorisation from the European Data Protection Office.
  • Represented the non-governmental organisation EU DisinfoLab in investigations conducted by the Belgian and French data protection regulators as part of the client’s crisis management following the publication of a study by the client.

De Gaulle Fleurance & Associés

De Gaulle Fleurance & Associés stands out for its team organisation, which operates in non-departmental structures; it assembles specialist teams from a cross-practice and sectorial perspective. With its wide-ranging sector expertise, including healthcare, energy and environment, financial services, real estate and e-commerce, and further strength in advisory, transactional and contentious matters, the group handles a varied workload. The development and implementation of data protection strategies, compliance audits and international data protection surveys are particularly busy lines of work. The team has offices in Paris and Brussels and joins forces with a network of international law firms for matters requiring expertise in foreign law. Cécile Théard-JalluJean-Sébastien Mariez and Georgie Courtois are the main contacts.

Key clients


Diet Sensor

Work highlights

  • Advised Diet Sensor on the parallel launch of its new connected nutrition scanning device in France and in the US, working alongside a US firm which covered the US aspects of the launch.
  • Assisted BPCE with the data protection aspects of its banking platform, the first banking API platform in France, designed to allow fintechs or applications of other financial service providers to connect with BPCE’s bank network.
  • Acted for BPCE in the negotiation of a contract with a service provider in the context of potential litigation, including assistance with the data privacy aspects.

DLA Piper

DLA Piper has longstanding experience in the life sciences and pharmaceutical sectors, with expertise in issues relating to the data protection aspects of clinical trials; pharma- and cosmetovigilance; access to medical databases; telemedicine; and contracts with contract research organisations. Cybersecurity is another core area of expertise, and the team is active in the implementation of cybersecurity prevention and action plans. Thanks to the firm's sizeable international footprint, the group has a considerable international reach and its integrated privacy compliance methodology is used by the firm's data privacy and protection experts around the globe. Denise Lebeau-Marianna, who leads the cybersecurity team, is the key practitioner. Jonathan Rofé directs the intellectual property and technology practice.

Practice head(s):

Jonathan Rofé

Work highlights

  • Advised a French pharmaceutical company on its global strategic GDPR compliance project.
  • Assisted a beverage company with building a centralised customer database, including advice on privacy by design and privacy by default issues.
  • Advised a well-known luxury goods company on its privacy strategy for the processing of personal customer data in a digital context.

Gibson Dunn

Gibson Dunn specialises in highly sensitive data protection and privacy matters, such as investigations conducted by national data protection authorities and cybersecurity breaches. The group's varied client lists attests to its wide sector range and strong cross-border experience as it features a long list of major multinational corporations, often based in the US and China, alongside key French players from the financial services, technology, automotive, retail, aerospace and luxury sectors. Additionally, the team is well versed in advising on the data protection aspects of transactions, including transactions targeting companies whose business model raises data protection and privacy issues. Ahmed Baladi is the head of the practice.

Practice head(s):

Ahmed Baladi


The Gibson Dunn privacy team is very expert and technical on data privacy legal matters, very reactive when you need urgent support and humble in the lawyer/client relationship. What also makes it genuinely special and valuable is its capacity to provide business-oriented advice that truly takes into account the business situation and challenges, and the stakes. Their human skills also contribute to the development of a trusting relationship.’

Ahmed Baladi gives you great comfort when dealing with complex legal topics (whether at national level or on cross-border issues) or difficult business situations, and when having to navigate in grey areas. These are situations where you need to challenge yourself, share views and take decisions taking into account the regulations, but also, and equally importantly for a business, matching with the business interests. Ahmed’s legal expertise, deep business experience, hard-working capacity and humility at work make him a highly valued asset for our legal team.

Clifford Chance

Clifford Chance assists with data protection and cybersecurity matters alike. The practice is part of the firm's wider commercial, tech and data team and specialises in matters requiring cross-border advice and a cross-practice approach, frequently assisting with clients' strategic projects. In combination with the group's wide sector range, including the automotive, financial services, insurance, energy and aerospace and defence sectors, the practice is able to take on high-stakes matters and provides a one-stop-shop for transactions, major compliance projects, complex commercial contracts and day-to-day data protection and cybersecurity advice. It also stands out for the firm's apps - 'Clifford Chance Cyber Assist' and 'Clifford Chance Dawn Raids' - which assist clients with cyber incidents and dawn raids. Dessislava Savova is the head of the practice. TMT expert Grégory Sroussi made counsel in May 2019.

Practice head(s):

Dessislava Savova

Key clients



Plastic Omnium


Samsung Electronics France

Work highlights

  • Advised Samsung Electronics France on the launch of its Samsung Pay solution for contactless payment by phone in France, with a particular focus on GDPR compliance, the requirements of the Payment Services Directive and banking secrecy.
  • Acted for Engie on the data protection aspects of a complex transitional services agreement in the context of the sale of its upstream liquefied natural gas business to Total.
  • Advised SMCP on the data protection aspects of its exclusive negotiations to acquire the De Fursac group, including advice on cybersecurity aspects, a compliance audit, a risk assessment and the negotiation of data protection aspects of transaction documents.


CMS combines a broad sectorial range with the firm's wide geographical reach. The automotive, financial services, insurance, healthcare and media sectors generate a steady stream of instructions, with other matters coming from the software and telecoms sectors. With its three offices in Paris, Lyon and Strasbourg, the practice attracts a varied client portfolio that includes international giants, major French players and small and medium-sized businesses. Practice head Anne-Laure Villedieu and her team frequently join forces with the firm's international offices or other firms abroad to ensure the smooth handling of cross-border matters. In the Paris office, the German, China and Africa desk further demonstrate the group's strong commitment to seamless service across borders.

Practice head(s):

Anne-Laure Villedieu

Key clients


Al Khaliji

Bank of China





Montabert SAS

Sage France

SPIE Operations

Work highlights

  • Advised Montabert SAS on the development and implementation of its GDPR compliance programme in France as part of the client’s multi-jurisdictional GDPR compliance programme.
  • Advised Al Khaliji on its GDPR compliance programme, including on data transfers to outside the European Union as the client’s headquarter is based in Qatar.
  • Assisted Deliveroo with the roll-out of its international GDPR programme in cooperation with the firm’s offices in the UK, Germany, Italy and Spain. Advised the client on the data protection aspects of hosting third-party content and direct marketing towards consumers and businesses and assisted the client with data subject rights requests.

Derriennic Associés

French firm Derriennic Associés has one of the deepest benches in the market, with five partners specialising in IT and data protection law: François-Pierre LaniAlexandre Fievée, Georges JenselmePierre-Yves Margnoux and new arrival Bruno Ducoulombier, who joined from Fieldfisher in February 2019. The group is experienced in contentious and non-contentious matters and is especially active for software companies, IT service providers and manufacturers, both in France and abroad. For GDPR compliance matters, the practice offers a variety of tools to assist clients with the data protection and privacy aspects of their products and services from their inception all the way to their introduction to the market.


The firm is really reactive, and has adapted itself to the different stakeholders of the company in order to facilitate the understanding of risk and the need to make the company GDPR-compliant. The firm was and is still a real partner to our company.

Key clients


La Banque Postale


Pierre Fabre


UFC Que Choisir


Work highlights

  • Advised several clients on GDPR compliance matters, including the conduct of GDPR compliance audits.
  • Represented UFC Que Choisir as claimant in litigation brought against social media networks based on the breach of contract and breach of national and European data protection law, securing several significant wins for the client.
  • Advised Natixis on the data protection aspects of an interface potentially offered to fleet managers to analyse the use of their fleet by collecting and aggregating information from the cars, with the information being provided by a partner of the client.


Féral-Schuhl/Sainte-Marie specialises in data protection advice in highly regulated sectors: the financial services, insurance, healthcare and pharmaceutical are the group's main focus. The firm has close ties to the French data protection authority and is a popular choice for clients seeking authorisation of particularly sensitive data processing or in investigations and complaint procedures. Data protection compliance audits, data transfer agreements, binding corporate rules, assistance with dawn raids conducted by the French data protection authority and data protection training are all part of the team's offering. Founding partners Bruno Grégoire Sainte Marie  and Christiane Féral-Schuhl are among the most established data protection practitioners in France and direct the practice together with Richard Willemant and Olivier de Courcel.


Excellent guidance which combines: know-how of data protection, business acumen and pragmatism, adaption to the interlocutor.

Very good communication skills. The exchanges are very fluid.

Gide Loyrette Nouel A.A.R.P.I.

Gide Loyrette Nouel A.A.R.P.I. is especially active for clients from the financial services, insurance and fintech sectors, but matters relating to the marketing, retail and tourism industries also form a significant part of its workload. Thierry Dor heads the team, which has strength in advisory work and contentious matters, including representation in procedures brought by the French data protection authority. The team's wide-ranging services include day-to-day advice as well as high-stakes project work. While the firm has strong French roots, its membership of TechLaw, the global network of law firms specialising in the TMT sector, adds strong international credentials.

Practice head(s):

Thierry Dor

Key clients

France Télévisions

Herbert Smith Freehills LLP

Herbert Smith Freehills LLP has a reputation as a specialist practice for work at the intersection of data protection and data privacy law and social media, making it a go-to firm for a string of international internet and technology giants. Pharmaceutical companies also entrust their data protection matters to the group. Practice head Alexandra Néri has a strong focus on litigation in the space, but the team also regularly assists clients with non-contentious matters such as GDPR compliance programmes. Clients frequently rely on the practice for cross-border mandates, often involving the US, but the group also has a busy domestic caseload.

Practice head(s):

Alexandra Néri


Alexandra Neri has a business-oriented mind which helps to implement abstract laws into practice.

Alexandra Neri understands data globally.

K&L Gates LLP

K&L Gates LLP occupies a unique place in the market with its focus on media and entertainment clients and its impressive track record in handling matters for French professional associations, including those representing communication agencies, advertising players and online publishers. Practice heads Etienne Drouard and Claude-Etienne Armingaud are well versed in cross-border matters as demonstrated by their frequent involvement in matters involving multinational companies, particularly clients from the US and Asia. Instructions relating to GDPR compliance also account for a significant portion of the workload. The practice also offers clients the use of artificial intelligence tools to facilitate document analyses, knowledge management and document drafting. While the tools are employed across the board, they are particularly beneficial in litigation through the improved management of document evidence.


The data protection team can be noted for its outstanding quality, reputation and high responsiveness. With their international network, in-depth knowledge of the market, the technology and their legal strength it is an excellent firm to go to for data protection matters.

Really pleasant team to work with. Responsive and team players.

The K&L Gates privacy team in France has a lot of knowledge regarding cross-border privacy issues.

Étienne Drouard is effective, solution-oriented and benefits from his prior work experience with privacy authorities to have a perfect knowledge of this field and provides pragmatic advice.

Claude-Etienne Armingaud is a true data protection thought leader. With his in-depth knowledge of the market, technology and his legal strength he is the person to go to for all data protection matters. He is an expert in the fields of new technological areas including fintech, blockchain and the internet of things where he combines his extensive data protection knowledge with his market and technological experience.

Key clients


BNP Paribas




Carnegie Mellon University

Eiffage Energies

Enigma Software

Ravel Technology

Work highlights

  • Advised 1000mercis on the implementation of a privacy and e-commerce compliance programme in multiple jurisdictions, including the US, Dubai, Hong Kong and Israel. The matter involved the revision of template agreements and the drafting of privacy-related documentation.
  • Coordinated the global GDPR due diligence of the acquisition of Enbi Global by Watermill Group, including advice on remediation steps and the drafting and negotiation of the necessary representations and warranties.
  • Advised Gucci and Yves Saint-Laurent on the regulatory framework applicable to the implementation of a radio frequency identification tag system for the clients’ products which would allow the clients to better control their distribution channels.

Latham & Watkins

Latham & Watkins specialises in complex cross-border data protection matters. Key sectors for the group include media, consumer goods, pharmaceutical and e-commerce. With Myria Saarinen, the practice has an experienced litigator at the helm, but Saarinen also frequently assists clients with the conduct of large-scale GDPR audits, the negotiation of commercial agreements involving strong data protection components, and data privacy analyses. Data subject access requests and data breach notification procedures are other key areas of expertise.

Practice head(s):

Myria Saarinen

Pinsent Masons LLP

Pinsent Masons LLP impresses with its long track record in data protection and data privacy matters. The group's key areas of expertise are the impact of GDPR regulations in highly regulated sectors - including financial services, healthcare, insurance and gaming and gambling - and cybersecurity matters, including advice on cybersecurity governance and assistance with the creation of incident response teams. A stand-out feature is the team's approach to GDPR training: the group has devised a game which clients can use to teach their employees about the various implications of GDPR. Practice head Annabelle Richard also leads the firm's membership of Renaissance Numérique, the French think tank focusing on technology and digitalisation topics.

Practice head(s):

Annabelle Richard


Subject matter knowledge is expected, but the team I worked with took the time to understand my company’s business model and the operating practices to help use cover all the levels of potential risk.

Taylor Wessing

Taylor Wessing stands out through its experience in advising on data breaches, data loss and data theft which complements its strong GDPR practice and international network. The group frequently conducts significant GDPR compliance audits and impact assessments and is adept at assisting clients with data breach incident responses, including the coordination of the investigation and of external forensic experts and PR specialists. Additionally, the practice demonstrates strength in advising insurers on the coverage of cybersecurity risks. Valérie Aumage, who is the main data protection and data privacy contact, and Marc Schuler, who is the key practitioner for IT- and insurance-related work, are the practice heads.

Practice head(s):

Valérie Aumage; Marc Schuler


The team is very responsive. It perfectly understands its clients needs and has a good value for money ratio.

Marc Schuler is extremely efficient and hard-working.

Marc Schuler explains very clearly and has good business insight.

Work highlights

  • Advised Hiscox on the drafting of its cyber cover and on an insurance claim brought by an insured following a data breach at a US payment platform.
  • Advised Carmat on the negotiation of a global agreement aimed at establishing a cloud-based health and research data management platform that would analyse and integrate research data collected in clinical trials.
  • Advised an electronics company on its GDPR compliance.


Independent French firm Astura handles a steady stream of transactional-related work, where it advises on the data protection and IT components of M&A. It is also experienced in conducting large-scale data protection compliance audits and assisting with the development of bespoke data protection and data privacy policies and strategies, including in highly regulated sectors such as financial services and healthcare. Practice head Matthieu Mélin, who is also a key name for intellectual property, is the main practitioner.

Practice head(s):

Matthieu Mélin

Delsol Avocats

At Delsol Avocats, practice head Jeanne Bossi Malafosse has a unique portfolio of experience, with eighteen years of experience at the French data protection authority and five years of experience at the French digital health agency ASIP, Bossi Malafosse is an expert in data protection law in the healthcare and life sciences sector. The practice's client roster attests to this specialism, with a number of domestic professional healthcare associations and international pharmaceutical companies on the client list. GDPR and data protection compliance programmes, data privacy assessments and the drafting of data protection policies account for the majority of the team's workload.

Practice head(s):

Jeanne Bossi Malafosse

Key clients

Conseil National de l’Ordre des Médecins

Conseil National de l’Ordre des Pharmaciens

Work highlights

  • Advised the Conseil National de l’Ordre des Pharmaciens on its GDPR compliance. Appointed as data protection officer by the client.
  • Advised the Conseil National de l’Ordre des Médecins on its GDPR compliance.

Hogan Lovells (Paris) LLP

Hogan Lovells (Paris) LLP is noted for its strength in cross-border work. It combines its focus on the healthcare and life sciences, automotive, financial services and technology sectors and its ability to assist with strategic data protection and privacy questions, with expertise in cybersecurity matters and high-stakes litigation. Clients include sizeable domestic companies and international corporations. Counsel Patrice Navarro, who leads the team, is the key contact for GDPR matters, while litigator Christine Gateau has longstanding experience in IT-related disputes across a variety of sectors. Winston Maxwell left the firm in June 2019 to become a director at Télécom Paris.

Practice head(s):

Patrice Navarro


The Hogan Lovells privacy team is extremely skilled in all aspects of privacy practice: from compliance counselling, to representing clients before data protection authorities and courts. They astutely assess their clients’ goals and execute a legal strategy to achieve them.

Very highly skilled lawyers with extensive experience in data privacy and data protection. Extremely professional, reliable and available. Their network of international lawyers throughout the firm allows international companies to deal with a legal subject which concerns different countries in a smooth and coherent way.

Patrice Navarro is a credit to the Hogan Lovells team. He is able to engage with all levels of the business to explain this complex area of law with ease in an understandable and relatable manner. He has a practical approach taking into consideration business confines, market and competitor pressures whilst ensuring at all times that the legal ramifications of any steps taken are advised upon.

Patrice Navarro makes himself available when needed and is capable of quickly offering several options to choose from. The team is very responsive and breaks down complexity into simpler tasks.

Christine Gateau is always available, always insightful, always dependable. She has great judgement and execution skills, in both English and French.

Work highlights

  • Represented a company in proceedings before the French Administrative Supreme Court following an appeal against a decision of the French data protection authority imposing a financial sanction based on the General Data Protection Regulation.
  • Assisted a large call centre operator with the drafting of its binding corporate rules and with obtaining the corresponding validations in several European jurisdictions.
  • Advised a life sciences company on the European regulatory framework applicable to health data and clinical trial data in order to ensure a coherent data protection approach across Europe.

Luzi Avocats

Independent French firm Luzi Avocats assists with contentious and non-contentious matters, with expertise ranging from dawn raid inspections conducted by the French data protection authority to GPDR compliance audits, data privacy impact assessments and data transfer contracts to the drafting and implementation of binding corporate rules. Founding partner Olivia Luzi is the head of the practice and has broad sector expertise, including in highly regulated industries such as financial services and healthcare, in addition to complementary expertise in IT and media law.

Practice head(s):

Olivia Luzi


The team has a very business-driven, hands-on approach to data privacy and data protection projects.

The high availability and pragmatism of the team are the key core values of Luzi avocats practice.

Olivia Luzi is very knowledgeable on all aspects of IT contract management such as data privacy and data protection. She has gathered a team of hard-working colleagues who are equally knowledgeable.

Key clients


Consumer Goods Forum

Fédération Française du Bâtiment

Groupe SCR

Immucor France


Lagardère Active


Student Factory


Work highlights

  • Advised Lagardère Active on the transfer and renegotiation of its IT contracts in the context of a group restructuring, including data protection aspects.
  • Conducted a privacy impact assessment for Gefco to analyse potential compliance risks relating to the processing of personal data.
  • Advised Lyreco on GDPR compliance matters, including the review of data protection information notices and data privacy policies and the drafting of data processing agreements and legal opinions.

Norton Rose Fulbright

Norton Rose Fulbright provides a wide range of services, from conducting data protection due diligence in the context of domestic and international transactions to assistance with investigations conducted internally by companies or initiated by data protection authorities. The group's experience in preventing data security incidents and data breaches and mitigating the impact of such incidents and breaches through the firm's cross-border cyber incident response service is another key asset. GDPR compliance audits and assistance with the development of products and services, including those from the internet of things or artificial intelligence market, also provide a steady stream of matters for the team. Nadège Martin is the practice head.

Practice head(s):

Nadège Martin

Key clients


Altus Group

Apicil Group

Work highlights

  • Advised Apicil Group on the data protection aspects of its acquisition of the shares of The OneLife Company from J.C. Flowers.
  • Acted for Altus Group on the data protection aspects of its acquisition of Taliance Group, a French provider of cloud-based alternative investment software.
  • Advised Allianz Africa on the data protection aspects of the sale of its shares in five subsidiaries in Benin, Burkina Faso, Mali and Togo to Sunu.

Osborne Clarke

Osborne Clarke has strength in the development and implementation of compliance and security procedures aimed at preventing data security breaches and is experienced in assisting with the consequences of data security breaches, including initiating the required notification procedures. Other core areas are GDPR audits; assistance with the data protection aspects of commercial agreements; and advising on the development of new products that conform to data protection requirements. Its client base includes a number of companies active in fintech, artificial intelligence and open data projects. Béatrice Delmas-Linel, Claire Bouchenard and Xavier Pican are the practice heads. Counsel Sarah Lenoir, a specialist in IT, intellectual property and data protection, joined from Clyde & Co LLP in 2019.


They understand our issues, they are straight to the point, and have an excellent pragmatic approach to the matter on which they are working on for us.

Key clients



Groupe Lucien Barrière

Integral Ad Science

Laboratoires Expanscience

Ligue Nationale de Rugby





Work highlights

  • Advised Médiamétrie on a wide range of data protection and IT matters, including issues pertaining to privacy by design.
  • Advised Vetoquinol on its GDPR compliance programme, including the delivery of training sessions to the client’s teams and reviewing and updating contracts.
  • Assisted the Ligue National de Rugby, the French National Rugby League, with the data and e-privacy regulations applicable to a distribution platform for rugby tickets and merchandising products. The matter also involved advising on distribution and tax law as well as on ticketing regulations.

Simmons & Simmons

Simmons & Simmons is a popular choice for financial institutions, investment funds and asset management companies, and is also active in the TMT and healthcare and life sciences sectors. Matters regularly involve cross-practice elements, where it is able to leverage the firm's wider expertise and it frequently works with the employment and dispute resolution groups. The team counts major French and international companies among its clients. The development and implementation of data protection strategies; data protection compliance checks, undertaken through the group's data protection health check; and assistance with the development of digital projects, for example in marketing, are key areas of strength. Sarah Bailey, who also specialises in intellectual property, is the head of the practice. Christophe Fichet, former co-head of the practice, joined Dentons in December 2019.

Practice head(s):

Sarah Bailey


They are very responsive and meet deadlines.

Working with Frédérique Potin is always a plaisure. She is a real professional, not afraid to come back to us to clarify our needs or to guide us towards the real issues. She always makes herself available to process instructions in an emergency.

Key clients

Caisse de dépôt et placement du Québec

Roche France

Work highlights

  • Advised Roche France on complex projects involving health and genetic data, including GDPR advice and advice on the stipulations of the French Data Protection Act.
  • Advised the Caisse de dépôt et placement du Québec on the data protection aspects of its investment in Biogroup LCD.

White & Case LLP

White & Case LLP is mainly active in a wide range of advisory matters, including privacy and cybersecurity audits, the conduct of data protection audits, cyber risk management, and the preparation of responses to potential data security breaches. The group's strength in litigation comes into play in privacy disputes and at the intersection between unfair competition and data protection law, especially in the social media sector. Other lines of work include representing clients in investigations launched by regulators in France and abroad, and support in M&A and private equity transactions involving data protection and privacy aspects. A particular strength is the firm's international footprint, allowing the French team around practice head Bertrand Liard to join forces with colleagues from offices abroad to handle cross-border matters. Clara Hainsdorf made partner in 2018.

Practice head(s):

Bertrand Liard

Work highlights

  • Assessed the GDPR compliance of a major financial institution and advised the client on the corresponding action plan.
  • Assisted a client from the financial services sector with the privacy impact assessment of its big data platform.
  • Represented a social media platform in pre-litigation and litigation matters arising from data protection and privacy concerns.