Julie Verdure

I am an associate in the Data Protection & Privacy Group in Paris, where I advise and assist French and international clients on matters relating to the protection of personal data and privacy, both according to European and French law.

I work with clients operating in many different sectors on all issues relating to data protection and privacy.

I have strong experience in assisting organisations in the development and implementation of strategic French and international projects (such as global GDPR compliance project involving the conduct of privacy audits, the preparation of gap analysis and the determination of compliance action plans on the basis of risks assessments) for which I work closely with DPOs and legal counsels and the different key stakeholders.

I also assist clients in establishing and implementing GDPR compliance tools (by preparing information notices for different categories of data subjects (customers, users, employees, etc.), internal procedures and policies required to reach compliance), handling personal data breaches and notifications to the CNIL, and responding to data subjects' rights requests.

Based on my experience working for international companies, and international service providers, I have developed an expertise on the use of processors, including cloud providers, and the chain of sub-processors, and the legal implications as well as on international transfers of personal data :
I have indeed developed extensive experience in assisting clients in the determination of their legal qualification and role in the processing of personal data, by regularly assessing the legal qualification of clients and of their business partners and developing the most appropriate strategy for clients on the basis of both legal and business factors. In this context, I assist clients with drafting and negotiating the necessary contractual arrangements with counterparts, including concerning data processing agreements, joint controller agreements, and intra-group data processing and data transfers agreements.

I also work specifically on issues relating to international transfers of personal data for which I perform in-depth analysis of international projects and their related data processing operations, with assessments of the risks and advice on the mitigation measures to be adopted. I work closely to that end with other B&B offices and best friends law firms.

I have also developed my expertise on the litigation side by assisting clients in the litigation procedures before the French Supervisory Authority (CNIL) and preparing arguments in response for the defense of clients.

• Assisting a leading laboratory in their GDPR compliance project. Acting as a the main point of contact for this project, I carried out a Gap Analysis to assess the level of compliance of the company and contributed to a global and local action plan to be followed in order to reach compliance.