Home / Insight / Digital Platforms / Protecting data

Protecting data

Complying with the regulations on personal data processing

Our dedicated data protection team will assist you with the implementation of the measures necessary to ensure your compliance with the applicable data protection laws and regulations (GDPR, Loi Informatique et Libertés [French Data Protection Act]) and with all issues related to cybersecurity.

Data protection: a key issue in the platform ecosystem

Processing of personal data is a core activity of platforms, which must guarantee the fairness and legality of the processing which they carry out, while allowing operators to exploit personal data in order to increase their visibility, optimise traffic, understand their customers and increase transaction volumes. The processing of such data entails significant responsibilities, whether platforms are acting as data controllers or as data processors.

Failure to comply with these obligations may have serious consequences, since the platform operator may be sanctioned by the supervisory authority or face a liability claim from the data subjects.

As a key resource, the data processed by platforms must also be subject to special protection measures. Security incidents leading to personal data breaches have been steadily increasing for several years.

When a data breach occurs within an organisation, it may also be required to notify the supervisory authority and/or the data subjects about the breach.

Supporting platforms with their compliance programs

Our dedicated team assists platform operators at all stages of their compliance and also provides technical and legal assistance on cybersecurity.

We are notably involved in the following missions:

  • Assistance with the identification and implementation of legal and regulatory data protection obligations;
  • Assistance with the mapping of processing and the implementation of processing registers;
  • Drafting of user information notices for the platforms;
  • Assistance in conducting data protection impact assessments (DPIA);
  • Drafting and negotiation of data processing agreements (agreements between the data controller and the processor, agreements between joint controllers);
  • assessment and implementation of the safeguards in international transfers of data outside the European Union;
  • Drafting of model clauses/internal rules;
  • Assistance in implementing data governance;
  • Representation during investigations or enforcement procedures by the supervisory authorities (CNIL);
  • Security audit of Information Systems
  • Support in obtaining certifications (ISO 27001, ISA 3402, SOC 1/SOC 2)
  • Crisis management, analysis and resolution of security incidents;
  • Legal support and coordination for notifications to the supervisory authorities (CNIL, ANSSI, ARS, etc.) and data subjects, within France and abroad.
A question ? A need ? Contact us!