Data Management and Protection
Data has become an exceptional source of growth for businesses, whether it is personal data (such as for the purposes of marketing targeting or optimizing customer experiences); or more technical data (such as data on power consumption, air quality, traffic, etc.).
Given its experience in digital law, in particular with start-ups in the field of Big Data, LECLERE & LOUVIER AVOCATS is able to assist its clients in the legal management or valorisation of their data, whatever their nature.
1.Management of Personal Data
The famous "GRDP" (General Regulations on Data Protection), has come into force on 25 May 2018.
This Regulation takes up and extends many principles existing in French law (user consent and information, rights of access and opposition, restricted use of sensitive data, etc.), while creating new rights (portability, right to oblivion...) for data subjects and new obligations for companies that collect data, either for themselves or on behalf of their clients (as subcontractors).
In view of the very sharp increase in sanctions by the GRDP (administrative fines of up to 4% of worldwide turnover), and the increased monitoring powers of the CNIL, it is essential that companies comply with the new Regulation.
LECLERE & LOUVIER AVOCATS assists you in this process of compliance with GRDP by taking the following actions:
- Initial audit of data processing and contracts with clients and subcontractors, establishing practical recommendations for compliance;
- Operational recommendations on data processing;
- Drafting or adaptation of customer/supplier contracts;
Technical recommendations may also be issued by our partners (such as in IT processes) following or in the framework of this audit.
Our Firm may also be designated as external DPO (Data Protection Officer) for companies subject to this obligation, or any company wishing to appoint a DPO.
As attorneys at law, and with in-depth knowledge in the field of personal data law, we offer the necessary guarantees of independence and competence to be appointed as external DPO, according to article 37 of GRDP.
In all cases, the terms of this appointment will be the subject of a specific agreement with the client.
2 Management and Valuation of Technical Data
Our Firm also helps its clients to make the most of non-personal data, which can be used as the basis for a new range of services.
Although the law on personal data is not recent (the founding law dates back to 1978), the law on "technical" data is still emerging and appears as a "grey area".
Hence the possibility of making the best use of contractual tools to enhance and exploit these data.
In this respect, we first of all propose to our clients to analyse the nature and possible protection (at the legal level) of the data collected.
We can also set up the necessary contracts for the exploitation of this data with clients or partners (database use licences; service contracts, etc.).