Data privacy and data protection in France

August Debouzy

The practice at August Debouzy, which was launched in the early 2000s, advises clients on data privacy projects, including managing data protection, litigation, audits, and cyber security crisis management. In addition to working with clients' in-house legal team, the group also works closely with other key stakeholders, including IT and security experts and DPOs. A majority of the team's work for both French and international clients is cross-border and highly complex. Practice head Florence Chafiol is an expert litigator in complex data protection proceedings. In January 2020, senior associate Roxane Blanc-Dubois joined from Hogan Lovells International LLP.

Practice head(s):

Florence Chafiol

Other key lawyers:

Roxane Blanc-Dubois


‘Florence Chafiol is very responsive and provides great advice promptly and in a manner which clients can act upon; helpful, considered and effective ’

‘They have that magic combination of true expertise and practical knowledge: a rare gift.

To put it succinctly, they are simply superb at data.’

‘Florence Chafiol is simply outstanding, a true expert in her field, and yet willing also to be practical and commercial, and work very hard to get a client the best result.’

The August Debouzy team is the only team of lawyers we have worked with that is capable of answering the full range of questions we raise with the technicality and relevance they demonstrate.’

‘Florence Chafiol is has an exceptional level of skills in her field that she masters to perfection while combining, which is rare, an understanding of the company that few lawyers can demonstrate. She is also incredibly available, as are her teams.’

Key clients


Accor SA

Veolia Environnement

Philip Morris France


Total SA & Total Global Procurement



Neuflize OBC

La Poste Telecom


Shift Technology

Pernod Ricard






Work highlights

  • Assisted Veolia Environnement in its contractual negotiations for a variety of large-scale contracts.
  • Provided assistance and support to Pernod Ricard’s data protection team in a variety of issues pertaining to privacy and data protection.
  • Assisted Shift Technology in its solution to full compliance with the GDPR as well as providing a full review of Shift Technology’s contract in order to limit liability.

Baker McKenzie

Baker McKenzie has established itself as a practice leader regarding cross-border data privacy regulation advice, cybersecurity litigation, and GDPR compliance matters and acts for clients from across Europe, North America, and Asia. Rémy Bricard and Laurent Szuskin lead on cybercrime investigations, legal responses to data breaches and e-commerce. They are both highly experienced in anti-money laundering measures regarding digital data. Yann Padova is a key name for data protection, particularly GDPR compliance.

Practice head(s):

Rémy Bricard; Laurent Szuskin; Yann Padova


‘This team has a great balance of experience and expertise together with young, dynamic, solutions-oriented lawyers. They are all very friendly also which makes it a pleasure to work with them.’

‘Clever, think fast on their feet, solutions-oriented and practical and create a real partnership. It’s not about the hourly billing, it’s about the outcome and the best possible solution/advice.’

Key clients

BNP Paribas




IES Synergy





Bird & Bird

Bird & Bird has established itself as a 'go-to' team for advice regarding data privacy compliance, international data transfers, AI, and cybersecurity matters. The team has also assisted French and international clients with GDPR compliance, cloud computing, and binding corporate rules involving data. Ariane Mole and Merav Griguer lead on all data privacy and security matters, including security breach management, digital marketing, and general cybersecurity. Associate Dan Scemama provides additional support.

Practice head(s):

Ariane Mole; Merav Griguer

Other key lawyers:

Dan Scemama

Key clients

Carlson WagonLit Travel (CWT)

Orange SA

Fnac Darty

Equinix Group



Municipality of Nice


BNP Paribas


Alcatel Lucent

Work highlights

  • Assisted Carlson WagonLit Travel with data protection matters, including the assessment and adjustment of its international GDPR compliance programme.
  • Advised Equinix on obtaining the first BCRs ever approved under the GDPR process.
  • Advising Orange SA including Orange Bank, on sensitive matters relating to data, privacy and cybersecurity issues.

De Gaulle Fleurance & Associés

The specialist data privacy and data protection team at De Gaulle Fleurance & Associés advises clients across a wide range of sectors, including energy and environment, banking, e-commerce, and healthcare. Its strengths lie in contentious matters, transactions, and day-to-day data protection advice. The group has offices in Paris and Brussels as well as an alliance with a network of international law firms, which allows it to handle cross-border matters. Key contacts are Cécile Théard-Jallu and Georgie Courtois. However, Jean-Sébastien Mariez left in September 2020 to co-found Momentum.

Derriennic Associés

The data protection team at Derriennic Associés handles a range of data protection-related matters, including GDPR compliance, such as audits, risk and processing mapping, and compliance with the French Data Protection Act. Alexandre Fievee advises major players in the financial services sector on IT and IP law; François-Pierre Lani specialises in computing law and new IT law; Bruno Ducoulombier advises health and agribusiness companies on GDPR compliance.

Practice head(s):

Alexandre Fievee; François-Pierre Lani; Bruno Ducoulombier


Very professional / competent firm in the field of GDPR. Very good knowledge of the issues / problems of our sector and the business world. Very pragmatic / concrete recommendations. Focus on the essential / what is relevant.’

‘Alexandre Fiévée, our single point of contact, is very competent, pragmatic, available, reactive, and even proactive. He works quickly and very efficiently. He is firm, fair and of good advice.’

The team works in partnership with our company, it understands its problems and knows how to find the appropriate solutions to our particular environment.’

‘Thanks to them, the GDPR compliance of our company was done in a pragmatic and efficient way, despite the internal organisational difficulties that we brought.’

Availability, ability to adapt to the people, departments concerned, pragmatic, efficient, and fast!’

Key clients


City One



OCP – Mc Kesson




Federation Syntec

AMC Promotions

La Banque Postale

Cerba Healthcare


Talentia Softaware

Generix Group

Work highlights

  • Assisted Cerba Healthcare’s DPO with defining and implementing the various actions likely to ensure the compliance of personal data processing implemented by the different entities of the group.
  • Advised Hivebrite on auditing its personal data processing regarding customer experience and its compliance with the GDPR.
  • Advised Dalkia on designing a GDPR-compliant impact assessment tool.

DLA Piper

At DLA Piper, the team has a strong track record handling cybersecurity matters, where it is well placed to advise on all legal risks relating to cyberattacks, as well as related contentious, criminal law, and IT matters. The team frequently advises on GDPR compliance and data protection related to clinical trials and medical databases for clients in the healthcare, pharmaceutical, biotechnology, and medical device industries, where practice head Denise Lebeau-Marianna is a key name for data protection compliance and telemedicine projects. Jonathan Rofé focuses primarily on IT law. In March 2020, associate Juliette Chavane joined from Cornet Vincent Ségurel.

Practice head(s):

Denise Lebeau-Marianna

Other key lawyers:

Jonathan Rofé; Juliette Chavane


Denise Lebeau and DLA Piper have developed reliable, fast, flexible assistance that responds effectively to the concerns of multinational groups in all segments of data protection, from the implementation of BCRs to the management of data breaches.’

‘Denise Lebeau is very flexible; with a deep knowledge of the subject and of its issues and actors, she is able to provide the appropriate responses in a calm and serene manner with appreciable saving of resources.’

Gibson Dunn

Gibson Dunn is a port of call for complex and highly sensitive privacy matters for luxury brands, private equity funds, and large social media corporations. In recent years, the team has frequently advised on ransomware, implementing proper security processes, and screening, and has noted an increase in work relating to data breaches and investigations. The team has historically advised on highly strategic M&A matters for multinational corporations based in the US and China, as well as high-profile French clients in the technology, retail, aerospace, and retail sectors. Ahmed Baladi leads the practice.

Practice head(s):

Ahmed Baladi

Clifford Chance

Clifford Chance is particularly noted for advising on the data and cybersecurity aspects of strategic M&A, as well as assisting with crisis management in response to data breaches, and AI regulation and ethics. The team is also experienced in matters including internal audits and investigations, as well as regulatory inquiries for clients in the automotive, insurance, energy, and aerospace industries. Practice head Dessislava Savova specialises in AI, data, and cybersecurity law.

Practice head(s):

Dessislava Savova

Key clients



AXA Next



The Coca-Cola Company



Work highlights

  • Advised Alibaba in the context of data protection and cloud-related matters, including the negotiation of a multi-jurisdictional cloud computing agreement with a leading group in the luxury field.
  • Advised Oracle on its data protection strategy and related issues at a pan-European level.
  • Advised Legrand in the context of the worldwide launching of an app designed for Legrand group-connected home products.


The data protection team at CMS advises private companies and public entities on regulatory matters regarding GDPR, e-commerce and fintech. Additionally, it has a strong track record acting for clients during investigations and enforcement proceedings. It has particular expertise assisting with regulatory aspects concerning the use of customer data in e-commerce for major French corporates and international businesses. Other work includes advice on adtech, AI, blockchain, and biometric devices. Practice leader Anne-Laure Villedieu leads on key IP, TMC, and IT issues and is an experienced litigator before the French Data Protection Authority.

Practice head(s):

Anne-Laure Villedieu


An agile, pragmatic, concise, efficient, innovative, available and attentive team.’

Key clients

Al Khaliji France


Allianz Partners

Bank of China


Banque Casino




SPIE Operations

SPIE France

Work highlights

  • Advising SPIE Operations and its French subsidiaries (SPIE France) on a daily basis and on every aspects of their data privacy matters.
  • Advised Al Khaliji on its compliance with data protection laws and regulations.
  • Advised Allianz Partners and its affiliates on the launch of two major new innovative and complex telemedicine/e-health projects in EU.


Féral provides comprehensive data protection advice and is a key name for clients in highly regulated sectors, such as the financial services, pharmaceutical, and insurance industries. It is particularly notable for data protection audits and assessments of GDPR compliance, drafting IT guidelines, and handling litigation in the data protection space, as well as assitable with high-profile dawn raids. Bruno Grégoire Sainte MarieChristiane Féral-SchuhlRichard Willemant and Olivier de Courcel are the practice heads.

Practice head(s):

Bruno Gregorie Sainte Marie; Christiane Féral-Schuhl; Richard Willemant; Olivier De Courcel

Work highlights

  • Provided regular assistance to a French company specialising in providing services to hospital patients, their relatives and hospital staff with respect to its compliance with the GDPR.
  • Provided regular assistance to a company that specialises in online advertising with respect to its compliance with the GDPR.
  • Assisted one of the leading French media group with all issues relating to personal data regulations.

Gide Loyrette Nouel A.A.R.P.I.

Gide Loyrette Nouel A.A.R.P.I. has established a reputation as a strong data privacy and protection team and is particularly sought after by clients in the banking, fintech, and insurance areas. Thierry Dor leads on high-profile protection projects and GDPR compliance reviews, as well as advisory work and contentious matters. The group has built up a strong base of French clients and continues its relationship with TechLaw, an international network of TMT law firms, to handle multi-jurisdictional matters.

Practice head(s):

Thierry Dor


‘Thierry Dor’s team is undoubtedly one of the most expert that I have come across in my career as a Data Protection Officer. Not only is their responsiveness exemplary, but the speed of response and the quality of their interventions have always encouraged us to come back to whatever the level of sensitivity of the subjects.’

‘As a Data Protection Officer, I was impressed by their ability to simplify complex legal concepts to an operational audience. Then, I appreciated their desire to listen to the customer before delivering a review. When we asked Gide for questions relating to the return of employees to the office in a Covid context, they explored the needs and possibilities of the company to arrive at a “tailor-made” opinion that was perfectly welcomed by the operational staff. Finally, their calm and professionalism in the face of members of the company stressed by critical events made it possible to reassure and to get through the hardships they endured.’

‘Some of their key strengths were their high reactivity, total expertise on the subjects covered, and perfect command of English by the junior, senior, and partner. There was also great involvement of the partner in the topics covered and granular specificity of memos.’

‘The great strength of this team lies in its great availability and its flexibility to respond quickly to questions that may arise on a daily basis. The answers are also always pragmatic and result from an intelligent trade-off between the rule of law and the risk incurred.’

‘We appreciate the availability of Thierry Dor and his ability to quickly analyse situations and provide us with a response whose implementation is proportionate to our resources.’

Herbert Smith Freehills LLP

The team at Herbert Smith Freehills LLP is recognised for its data privacy advice to high-profile social media and technology clients. It has a dual focus on day-to-day matters including GDPR compliance, as well as on data privacy disputes. Additionally, its clients frequently include French banks and pharmaceutical companies. Practice head Alexandra Néri deals with data breaches, cybercrime, and dawn raids, as well as data transfer conflicts. Clients are predominantly headquartered in the EU and France, but the team also advises notable US tech corporations.

Practice head(s):

Alexandra Néri


‘The team is very well connected to the relevant key people for any query needed anywhere in the world. They are extremely knowledgeable in their field from a regulatory and practical point of view, and very commercial-driven in their advice.’

Hogan Lovells (Paris) LLP

Hogan Lovells (Paris) LLP provides strong cross-border advice for clients in the healthcare and life sciences, banking, and technology sectors. The team is known for its expertise in cybersecurity and high-stakes TMT litigation on behalf of French and international companies. Etienne Drouard, who was a new arrival in February 2020 from K&L Gates LLP, is highly regarded for his work in data protection and privacy matters, especially on M&A transactions, digital crisis management, and international disputes. Patrice Navarro, who focuses primarily on GDPR matters and made partner in the firm's strategic operations agreements and regulation team in January 2021, and litigator Christine Gateau are other names to note.

Practice head(s):

Etienne Drouard; Patrice Navarro

Other key lawyers:

Christine Gateau


The team stands out for its ability to approach cases from all angles. In addition to an obvious legal competence, the team knows perfectly how to decipher a problem by combining several stakes (technical, economic, geopolitical). This capacity is fully in line with the expectations of our legal department. In addition, the team seems sufficiently staffed to guarantee continuity of advice within a reasonable timeframe. This point is very important for the lasting support of a large-scale group.’

‘Etienne Drouard embodies the “ideal advice”. Equipped with a perfect legal-technical knowledge, he supports perfectly our legal department and our operational services. His background and his ability to highlight subjects with other issues (competitive, economic, geopolitical) are considerable assets. Etienne Drouard is an indisputable reference on the protection of personal data.’

‘Etienne Drouard’s team is characterized by expertise and know-how recognized in the public arena, commitment and ethical values.’

‘Etienne Drouard has an incredible capacity for work.’

‘The Hogan Lovells team that works with our teams has unique expertise and has an unmatched presence in the digital marketing market. The team leader has the strongest recognition among stakeholders in the ecosystem, and a very strong expertise and knowledge of control bodies.’

Key clients

Groupe CANAL+

K&L Gates LLP

With notable experience in the implementation of GDPR compliance and data protection, the team at K&L Gates LLP coordinates with the firm’s wider European practice to act for multinational clients in the luxury goods, entertainment, and telecoms sectors. Practice head Claude-Etienne Armingaud frequently acts for fintech clients in contentious multi-jurisdictional matters regarding IP and IT data protection. In March 2020, associate Clara Schmit joined from D’Alverny Demont Associés.

Practice head(s):

Claude-Étienne Armingaud

Other key lawyers:

Clara Schmit


‘Claude-Etienne Armingaud is the best at what he does, plain and simply. Fast, reliable, and efficient.’

‘A team which is very familiar with the evolution of the regulatory framework applicable to data, and which has often participated in the work of developing new guidelines with the CNIL.’

‘Claude-Etienne Armingaud is very familiar with the issues of data protection and privacy. He supports a large clientele in various fields of intervention.’

‘The K&L Gates Paris Personal Data Protection and Data Protection team has in-depth expertise in the development and interpretation of the regulatory framework, not only at European and French levels, but also locally, across the whole European offices with which I had the opportunity to collaborate. In this regard, it is a real pan-European team with a one-stop shop that allows us to quickly obtain practical, pragmatic solutions adapted to the activities of our group.’

‘In France, Claude-Etienne Armingaud has a very great expertise on our subjects and manages both his team and his files with a master hand. We particularly appreciate his ability to be a teacher without ever being pedantic and the ease with which he adapts to his interlocutors. In this regard, he is able to guide both our legal teams and our IT, marketing or medical teams, at all seniority levels. Finally, his great sense of humour has often helped us relax the atmosphere during complex discussions, without ever being inappropriate.’

‘High quality technical knowledge combined with practical commercial focus and familiarity with the regulatory process..’

‘Claude-Etienne-Armingaud is technically skilled, practical, and commercial. Very responsive.’

Latham & Watkins

The team at Latham & Watkins specialises primarily in matters related to cross-border and complex data protection issues, such as data breaches, discovery and case analysis, and general data protection matters. It is able to draw on the firm's global office network to advise clients operating in the consumer goods, media, pharmaceutical, and e-commerce sectors on multi-jurisdictional issues. Practice head Myria Saarinen is an experienced litigator but also assists with significant GDPR audits. Associate Charlotte Guerin provides additional support.

Practice head(s):

Myria Saarinen

Other key lawyers:

Charlotte Guerin


This team has in-depth knowledge of the subject and constantly monitors regulatory developments.’

‘And with Covid-19, this team has been able to adapt to the new constraints and has organised webinars instead of physical conferences and has shown that they are always there for their customers.’

‘Availability, respect for the client’s objectives, clarity of the message, as well as respect for the interlocutor.’

Extremely dynamic team, familiar with business issues and EU and non-EU legislation on the protection of personal data.’

Osborne Clarke

Osborne Clarke is best known for its prompt responses to complex data and security breaches, as well as data protection compliance advice relating to commercial agreements, and GDPR audits. Clients frequently include key players in the fintech, AI, and open data project areas. Practice co-heads Claire Bouchenard, Xavier Pican and Béatrice Delmas-Linel cover e-privacy, e-commerce, and complex litigation between them.

Practice head(s):

Claire Bouchenard; Xavier Pican; Béatrice Delmas-Linel


I really appreciate Béatrice Delmas-Linel for her pragmatic advice and her ability to think about solutions outside the box.’

‘The Osborne team has enabled our company to take a very important step in terms of structuring and compliance. The team is very well organized, and responds to our various needs/projects in a reactive manner, while being particularly business and educational oriented.’

‘Their business, legal and regulatory knowledge is an invaluable asset for our company, but what sets them apart is their human qualities! This team quickly understood that the ability to adapt would be a guarantee of success in our projects. I consider them as colleagues and take pleasure in sharing with them on different themes. They are for me a real source of knowledge, complementary to my knowledge of the field.’

‘They were able to adapt their approach with a whole panel of interlocutors (some very accustomed to discussing legal matters, and others very uncomfortable with regulatory concepts). I immediately felt that I could rely on them to launch my projects, and I was able to develop incredible knowledge through their advice and interventions.’

Key clients



The Pokémon International Company (TPCi)

Bouygues Construction


DPD Group

Integral Ad Science (IAS)

Groupe Richemont

Work highlights

  • Advised Group Casino on the March 2020 launch in the Paris region of its new grocery ecommerce platform Monoprix+ based on UK provider Ocado’s technology for robotics and automated warehouses.
  • Advised onepoint on the legal and regulatory (including data privacy) framework for the development of the health monitoring platform Copass in the Covid-19 context.
  • Advised Integral Ad Science on contract negotiation and data privacy matters for marketing and advertisements in order to be competitive in its negotiations with French top website publishers and advertisers and to meet their standards for data privacy and cookies.

Pinsent Masons LLP

Pinsent Masons LLP frequently provides highly technical advice on GDPR compliance, especially to clients in highly regulated sectors such as healthcare, financial services, and insurance. Additionally, the team has particular expertise in cybersecurity strategy and contentious data protection matters, including assistance with judicial strategy and adherence to sanction procedures, as well as advising on the development of incident response teams. Practice head Annabelle Richard is dual-qualified in New York and Paris and focuses primarily on data protection and cybersecurity, telecoms, technology, and internet law.

Practice head(s):

Annabelle Richard


Business-oriented expert in this field with precise knowledge. Annabelle Richard is very attentive to her clients she knows how to take the lead when necessary. She has very good expertise!’

‘The Pinsent Masons LLP Paris office team in charge of Data Protection matters stands out in the market for its practice and expertise in assisting its clients in the event of security incidents and data breaches.’

‘We have recourse to Annabelle Richard for the management of security incidents and possible breaches of personal data. Annabelle is the only associate lawyer able to respond to emergency and crisis situations in an efficient and pragmatic manner with unique expertise on these subjects.’

Taylor Wessing

The team of specialist data protection lawyers at Taylor Wessing advises international blue-chip companies on a wide range of privacy regulation-related matters, frequently with a multi-jurisdictional element. Its experience includes GDPR compliance, data breach incident responses, and data breach preparedness regarding appropriate responses to accidental data loss and data theft. The team frequently uses injunctive relief to obtain digital evidence and has recently developed TechSet, a suite of electronic tools to support clients. Valérie Aumage is head of IT and data, while Marc Schuler is head of IP/IT.

Practice head(s):

Valérie Aumage; Marc Schuler


Unquestionable and continuously renewed expertise, with the ability to analyse quickly and suggest appropriate responses.’

Key clients





Tik Tok



B&B Hotels



Zurich Insurance

Oppo Telecom


Work highlights

  • Assisting Tik Tok in privacy and data protection issues in relation to the operation of its content sharing platform.
  • Assisting Comcast International France in privacy and data protection issues in relation to the operation of its ad tech activities.
  • Assisting Hiscox in managing cyber claims


The Paris-based team at Astura is expert in IT law, IP, and personal data, and is particularly strong in handling the data protection aspects of large transactions such as M&A and corporate financing. It is a popular choice for domestic clients ranging from mid-sized and large corporates and start-ups, with clients able to benefit from the firm's development of a platform to automate drafting legal documents. It also advises on GDPR compliance audits. Practice head Matthieu Mélin is the key contact.

Practice head(s):

Matthieu Mélin

Delsol Avocats

The interdisciplinary data protection team at Delsol Avocats is experienced in a wide range of data protection law matters, including GDPR compliance, the drafting data protection policies, and compliance with regulations surrounding personal data protection. Jeanne Bossi Malafosse focuses primarily on data protection particularly as it intersects with health information systems.

Practice head(s):

Jeanne Bossi Malafosse

Key clients


Work highlights

  • Advised CNOP on compliance with data protection regulations.

Klein Wenner

Klein Wenner combines data law expertise with in-depth knowledge of the digital economy. The practice focuses on GDPR-related matters, ranging from high-profile contentious matters to day-to-day assistance with data protection compliance issues. Compliance analyses, including those involving multiple cross-border elements, the drafting of data privacy documents such as privacy policies, representation in exchanges with the French data protection authorities and assistance with data breaches account for a significant portion of the caseload. The team is also sought after for data protection training and contributions to well-known publications in the field of data protection and data privacy. The practice heads are Laurent Badiane and Matthieu Bourgeois.

Practice head(s):

Laurent Badiane; Matthieu Bourgeois


Very good knowledge of data law. They keep themselves up to date with the evolution of data law and also seek to provide in-depth knowledge of the more peripheral topics.’

Matthieu Bourgeois: Excellent responsiveness; very good pedagogical skills – takes the time to explain different choices and their outcomes; proactive approach that goes beyond the normal work to raise changes in the law; solid technical skills which allows us to discuss modern topics such as SaaS, API, clouds without any problem.

Key clients











Work highlights

  • Assisted UFC QUE CHOISIR in the first French class action introduced against Google LLC and Google Ireland for several breaches of the data protection regulation.  
  • Assisting HAPPN with its compliance with GDPR and with its day-to-day personal data needs.
  • Assisted VESTIAIRE COLLECTIVE with its compliance with the GDPR and with its day-to-day personal data needs.  

Luzi Avocats

The team at Luzi Avocats handles contentious and non-contentious issues, with expertise extending to dawn raid inspections, GPDR compliance, and day-to-day data privacy advice for major corporates. Its clients often include global companies active in the transportation, data and media industries. Founding partner Olivia Luzi's practice extends to general IT and media law and she is also a key contact for clients in the banking and healthcare sectors.

Practice head(s):

Olivia Luzi

Key clients






CNCC – Compagnie nationale des commissaires aux comptes

Sqills Product BV



Federation Francaise du Baitment (French Building Federation)

Traveldoo (Expedia Group)

Orthoclinical Diagnostics




SCR Group


Magic Notary



Work highlights

  • Advised OVHCloud on the launch of its business-to-business marketplace (drafting the general terms and conditions of use applicable to vendors).
  • Advising Sqills Product on the drafting and negotiation of a major license and implementation agreement in a public tender issued by the Swedish Rail company.
  • Advised Biogaran on the drafting and negotiation of several IT contracts (integration, services, consulting, maintenance, SaaS).

McDermott Will & Emery AARPI

McDermott Will & Emery AARPI offers a combined data protection and cybersecurity practice, with Romain Perray at the helm of the practice. The practice acts for a diverse client range, with in-depth knowledge of the automotive, life sciences, consumer goods, e-commerce and technology, public sector and industry sectors. Assistance with the development and implementation of GDPR and cybersecurity programmes, including the conduct of the necessary audits, is a core part of the caseload. Other strengths include negotiations of complex IT and commercial agreements that involve a heavy data protection component, cross-border data transfers and advising start-ups focusing on artificial intelligence, big data or medtech, often in cooperation with the firm's dedicated start-up hub.

Practice head(s):

Romain Perray

Other key lawyers:

Lorraine Maisnier-Boché


Romain Perray’s team at MWE is a very capable and professional team with excellent expertise in data protection laws, particularly in Europe. Romain as very good technical skills and is a pleasure to work with.

The team at McDermott has a pragmatic approach und offers a truly adapted legal solution to its clients.’

Romain Perray is an accomplished lawyer whose expertise in the field of data protection is outstanding. He stays abreast of developments in this constantly evolving area of law. He is supported by a team of able colleagues, including legal researcher Mai Matsubara whose expertise, professionalism and language skills have been invaluable.

Key clients

Nissan Motor Co & Nissan International

PSA (Peugeot)





Aptar Group



Work highlights

  • Assisting Nissan Motor Co. with its worldwide GDPR compliance programme.
  • Advising biopharmaceutical company Poxel on a day-to-day basis regarding data protection issues, including assistance with its GDPR compliance programme and with contract negotiations.
  • Advising Amadeus on IT security and the use of biometric data, including regular assistance with all security legislation impacting the client on a worldwide basis and analysis and legal opinion on potential reuse of biometrics data, such as the compliance obligations for reuse and legal risks.

Norton Rose Fulbright

Norton Rose Fulbright has strength in a wide range of matters involving IT, data protection, and cybersecurity, including the data protections aspects of due diligence for international transactions, advice on cross-border data privacy matters, and general GDPR compliance. The team works closely with global cybersecurity experts, public relations experts, and ransomware negotiators. Additionally, in light of Covid-19, it has seen an uptick in instructions to advise major multinationals on health-related personal data. Nadège Martin leads the team and is noted for the data protection aspects of major IT transactions and software compliance audits.

Practice head(s):

Nadège Martin


‘The team has long term expertise and has a broader knowledge than data privacy which expands to general IT and IP matters, including litigation which is very useful for the management of security incidents.’

Simmons & Simmons

Simmons & Simmons advises local and international clients active in the financial, healthcare, and life sciences sectors on all aspects of data privacy regarding both French and European regulations. The group is highly experienced in niche areas of data privacy and protection, including bank secrecy rules, digital marketing, and data protection issues related to clinical trials. Practice head Sarah Bailey specialises in intellectual property and regulations regarding the preservation of data relating to health and finance.

Practice head(s):

Sarah Bailey


Their expertise on GDPR matters is very fine and their ability to respond to the issues raised and to formulate a complete and very detailed legal opinion is excellent. We only contact Simmons & Simmons when we need the best legal advice on the matter.’

Key clients


Work highlights

  • Advised Roche France on complex projects involving the processing of health data and genetic data.

White & Case LLP

White & Case LLP provides general advice on privacy and cybersecurity, conducts audits, and cyber risk management for clients in the transportation, social media, pharmaceutical and luxury brand sectors. The team pulls talent from counterparts in other practices, both locally and globally, to provide full geographic coverage. Its experience includes GDPR compliance, due diligence, and joint ventures. Bertrand Liard frequently advises multinational corporates on the full range of data protection matters.

Practice head(s):

Bertrand Liard

Key clients



Saint Gobain

Frans Bonhomme

Work highlights

  • Represented Facebook in several data protection and unfair competition matters in Europe, in particular in France, Germany and Austria.
  • Advised Natixis on data privacy issues such as (i) the privacy analysis of processing to assess their GDPR compliance and related action plan and (ii) conducting a privacy impact assessment for its big data platform