European Union2018-06-05T17:29:54+00:00



international business lawyer stephan grynwajc

Stéphane Grynwajc
Tel : (+ 1) 347-543-3035

GDPR – what are the requirements for a Data Protection Officer?

The GDPR makes it mandatory for certain companies that control and process the personal data of EU residents to appoint a Data Protection Officer (DPO). However, even when the GDPR does not impose the appointment of a DPO you may find it useful to designate a DPO on a voluntary basis. When do you have to appoint a DPO? The GDPR makes it mandatory to designate a DPO if, in particular, your core activity consists of processing operations which require regular and systematic monitoring of data subjects on a large scale. This might concern you. But what does this really [...]

12 February 2019|

GDPR for U.S.-based law firms – what are the obligations?

Much has already been written about the new General Data Protection Regulation (GDPR) and how it applies to organizations that collect or otherwise access the personal information of EU residents, irrespective of whether those organizations maintain a physical presence in the European Union. However, much less if anything, has been written about our own obligations as lawyers under the GDPR whenever our activities lead us to collect the personal data of EU-residents directly or through our U.S.-based clients. This is the purpose of this article. Before I dive into the core obligations of law firms under EU law, I would [...]

12 February 2019|

So, Is Privacy Shield GDPR Compliant?

In the first edition of this article published on this blog on March 3, 2018, I explained how the Privacy Shield fits within the overall question of compliance with GDPR, and whether it is deemed sufficient in documenting a company’s compliance with the new EU law on privacy. Indeed, one of the most common questions I continue to get asked  about the Privacy Shield is, “Is Privacy Shield GDPR compliant?”. This question needed to be clarified , as it could mean one of two things in the mind of the person asking it: Is the Privacy Shield a mechanism that meets the [...]

12 February 2019|

GDPR: Am I required to appoint an EU Representative?

GDPR has extra-territorial reach. Under the new law, an organization with no entity, no offices, no server, or no employees in the EU may still be subject to GDPR. If it is, it may have to also appoint a representative in the EU. In this article we introduce the requirement, purpose and role of the EU representative under GDPR. […]

26 July 2018|

Alleging “legitimate interests” to process data for marketing purposes

If legitimate interest is often seen as the most convenient method relied upon by organizations for processing data, it is also one of the most litigated areas at both the European level and the national level in the EU. In this article we explore the particular use of legitimate interest to justify the processing of personal data for marketing purposes. […]

26 July 2018|

Want to Comply with GDPR? Hire EU counsel!

Since GDPR was announced there has been no shortage of “experts” offering GDPR services. However, how many of these consultants are really experts in EU law? In this article, we explain why getting the right lawyer on board – and ensuring that that lawyer is admitted to practice in the EU – is key to maximizing your chances of complying with GDPR and the “national derogations“. […]

23 June 2018|


French Lawyer - Caroline

Caroline Sandler-Rosental
Tel : + (33) 6 81 23 02 97