Data protection and privacy

Since the General Data Protection Regulation came into force on 25 May 2018, it has become imperative for companies to consider the rules governing the collection and processing of personal data in their daily economic activities.

Although the RGPD has been in force for several years, its application is still patchy, although the number of sanctions and warnings issued to companies that fail to comply with these obligations is increasing.
This negligence is not without risk, given that fines for non-compliance with the RGPD can reach €20 million or 4% of the total global annual turnover of the last financial year of the penalized company, whichever amount is higher.

Now that the RGPD has become inevitable, a company must be able to implement an appropriate compliance policy tailored to its activities and practical needs. It must also train and raise awareness among its employees about the regulatory requirements in force, appoint data protection officers and adapt its cookie policy, etc.

It must also be able to deal with specific issues relating to the protection of personal data, in particular when drafting contracts, dealing with data leaks or conducting an internal investigation.
Your challenges Our way Clients stories

Your challenges

Conducting a business that complies with applicable regulations on the protection of personal data

Implementation of internal data processing guidelines

The company needs to implement a global data management strategy. It needs to raise awareness among its employees, identify the issues specific to its activities and establish internal risk prevention procedures.

Compliance with international data transfer regulation (outside the EU)

The RGPD provides a strict framework for international data transfers. Companies must be able to adapt to different rules depending on the destination country and provide sufficient contractual safeguards. In certain cases, companies must obtain authorization from the CNIL before transferring data.

Respecting GDPR in commercial relations

Companies must also manage the issue of personal data processing in their interactions with customers, prospects, suppliers and partners. In addition to contractual relationships, they must develop a cookie and data collection policy that complies with applicable regulations.

Reacting to data breach

In the event of a data breach, the company must be able to react without delay. It must in particular organize its cooperation with the authorities, implement remediation measures and at the same time prepare its own defense in anticipation of potential litigation.

Organizing one's defense in data protection litigation

A company that fails to comply with personal data protection regulations can face very severe penalties, including fines. This risk has increased with the development of new forms of litigation, such as class actions.

Our way

Assisting the company in all matters and issues relating to personal data, both in terms of advice and litigation.

Assessment of the company's personal data risks

Our team of lawyers is qualified to carry out an in-depth, personalized study of all the challenges faced by a company in relation to the collection and processing of personal data.

Drawing up a personalized compliance policy that is tailored to the activities and needs of the company and that ensures a rigorous framework and better protection of personal data

We help companies create, implement and regularly update an internal personal data protection policy in line with changes in legislation and CNIL guidelines.

Expertise in support of complex criminal proceedings in relation to personal data issues

We have significant experience in managing and handling criminal litigation involving issues of surveillance and recovery of personal data.

Handling communications with the French data protection agency

We assist you in non-contentious exchanges with the CNIL, in validating data management clauses and policies, and in communications relating to data leakage.

A tailored defense strategy when legal proceedings are brought against the company

We provide a rapid response and ongoing monitoring in the event of a case being brought against the company before the CNIL or any other court.

Accolades Navacelle
Navacelle once again in 2025 picked in
Corporate Compliance & Investigations
Sources say: "They have extensive experience in all kinds of criminal proceedings and large-scale internal investigations"
Stéphane de Navacelle once again in 2024 picked in
Compliance & Investigations
Sources say: "Stéphane de Navacelle's biggest strength is his ability to handle the technical legal aspects of corporate criminal investigations in France"
NAVACELLE recognized once again in 2024 in
WHITE COLLAR CRIME
Sources say: “A strong team which is able to deal with complex white-collar matters including those with a cross-border element.
The firm is very adaptable to changing circumstances and able to respond quickly to increases in workload requirements.
A very good sense of the overall strategy in any case.”
Navacelle once again identified in 2024
as one of the world's top 100 firms for
CROSS-BORDER INVESTIGATIONS
Julie Zorrilla recognized in 2023
as Global Leader in
BUSINESS CRIME DEFENSE
CORPORATES
NAVACELLE recognized once again in 2024 in
FINANCIAL MARKET & BANKING REGULATORS AND STOCK MARKET LITIGATION
Litigation & Arbitration
“ Excellent ”
NAVACELLE recognized once again in 2024
identifed as one of the Tier 1 law firm in
COMPLIANCE
★ ★ ★ ★ ★
Julie Zorrilla selected in
Women in Investigations 2021 as
ONE OF AN HUNDRED
EXCEPTIONAL WOMAN IN THE
WHITE COLLAR WORLD

Stay ahead in a rapidly changing world

Subscribe for Navacelle insights & critical updates

Listen all podcasts