• Jeanne BOSSI MALAFOSSE, Avocat associé, responsable du département Données personnelles, organise à Paris, le 12 décembre 2017, une formation sur le thème : "Le cadre juridique et fonctionnel de l’échange et du partage des données de santé".

  • Jeanne BOSSI MALAFOSSE, Avocat associé, responsable du département Données personnelles, organise à Lyon, le 14 septembre et à Paris le 5 octobre 2017, une formation sur le thème : "Le nouveau Règlement européen sur la protection des données personnelles : principes et nouvelles obligations"...

  • Jeanne BOSSI MALAFOSSE décrypte les conséquences de l’application des dispositions du règlement européen sur la protection des données du 27 avril 2016 sur les données de santé, dans un article paru aux éditions Dalloz IP/IT du mois de mai 2017

  • Jeanne BOSSI MALAFOSSE, Avocat associé, responsable du département Données personnelles, organise à Paris le 22 juin, une formation sur le thème : Le nouveau Règlement européen sur la protection des données personnelles : principes et nouvelles obligations...

  • Un décret adopté le 27 mars 2017[1], après avis de la CNIL[2], détermine les conditions d’utilisation du numéro d’inscription au répertoire national d’identification des personnes physiques (« NIR ») comme identifiant national de santé (« INS »). 

DATA
PROTECTION


blog

The Data Protection department offers support with all your issues relating to the protection of personal data. Whether this involves answering ad hoc questions regarding the application of the French data protection act (Loi Informatique et Libertés) or assisting with the implementation of a privacy by design project, we help you achieve compliance with the principles of personal data protection and their interpretation by the French data protection agency, CNIL, now and in the light of future regulations.

The widespread digitisation of everything we do, and its corollary, data proliferation, put data protection firmly at the heart of business activities and the workings of public bodies.

This universal “datafication” makes the issue of data protection both unavoidable and crosscutting. No sector of today’s economy is exempt from the gathering and processing of data. No sector can ignore the need for compliance with the principles of data protection.

The approach adopted in France, hitherto governed by the principles and formalities of the French data protection act (Loi relative à l’Informatique, aux fichiers et aux libertés) of 6 January 1978, has now been superseded by the new EU General Data Protection Regulation (GDPR) of 27 April 2016.

By introducing the principle of accountability, according to which (from 25 May 2018) every data controller must be in a position at any moment to prove that the processing carried out complies with the principles of data protection, the regulation requires all operators to incorporate the new principles into their projects as of now.

The requirement to comply with certain principal obligations will be further reinforced by the new regulation, which provides for significantly increased penalties (fines) of up to €20 million or 4% of the revenue of the organisation concerned.

Furthermore, until such time as the new regulation comes into force, organisations must continue to comply with the existing data protection legislation.

The Data Protection department offers the following services:

- training in the legislation and its application across all sectors, whether for data controllers, subcontractors or internal Data Protection Officers (DPOs),
- assistance on all questions relating to application of the rules of data protection (legal consultations),
- verifying the regulatory framework of your projects as regards the rules of data protection,
- supporting you during audits by the CNIL and by any future oversight authority,
- completing any necessary preliminary formalities required by the data protection authority,
- drawing up a data protection policy and cookie management policy.

When the GDPR comes into force, we will naturally be available to help ensure that you are fully complaint with the new obligations. The Data Protection department is developing a number of structured offers in this area:
- carrying out compliance audits of organisations:

  • o situational analysis (phase 1),
  • o audit of all or part of data processing (phase 2),

- producing privacy impact assessments (PIA) for specific types of processing,
- design and assistance in maintaining the structure’s data processing registers,
- acting as designated DPO providing a service package.

For each of these stages, we work from templates that incorporate all the necessary security requirements:

- drawing up contracts to organise joint data controller liability (a concept introduced by the GDPR),
- drawing up subcontracting contracts and clauses to organise their respective obligations.

BOSSI

Jeanne Bossi Malafosse, attorney and partner, heads the Data Protection department and is jointly in charge of the Life Sciences department. Thanks to her considerable experience, much of it acquired over many years with the CNIL, and to her knowledge of information systems in general and more specifically in the medical, medico-social and social areas, she is an acknowledged expert in the field.

The Personal Data department also comprises:

3 associate attorneys

- Cécile Gleysteen
- Lucille Romestin
- Axelle Louise

1 legal expert

- Claire Lauria

The department works closely with the firm’s other departments, in particular the Life Sciences, Non-Profits, Social Law & Social Protection, Property Law and Public Law departments. The team is equally at home working in French or English.
 


Newsletter De la Relation n°16 (Special Data protection): 
French version English version

Department blog