In this episode, Claude-Etienne Armingaud, Eleonora Curreri, and Camille Scarparo celebrate the fifth anniversary of GDPR accompanied with lawyers from our European offices; Thomas Nietsch and Andreas Müller (Berlin), Nóirín McFadden (London), and Gianmarco Marani (Milan). They reflect on how embedded GDPR has become in the cultural scene and with private enforcement. They also touch on the future for UK GDPR and the Data Protection and Digital Information (No.2) Bill.

May the enforcement be with you!

First publication: K&L Gates Hub with Eleonora Curreri, Gianmarco Marani, Andreas Müller, Noirin M. McFadden, Dr. Thomas Nietsch, Camille Scarparo

Well, that’s a wrap on #DPI23 France!

Claude-Étienne Armingaud, CIPP/E, Partner, Data Protection Privacy and Security Practice Group Coordinator, K&L Gates

Gabriela MercuriManaging Director, SCOPE Europe

Jörn WittmannDirector Privacy Legislative Strategy and Public Policy, Volkswagen AG

Codes of conduct overseen by accredited monitoring bodies are one of the breakthrough innovations introduced by EU General Data Protection Regulation. As part of its accountability framework, GDPR not only shifted the onus of demonstrative compliance, but also created the possibility for stakeholders to engage in co-regulatory practices. The goal was to allow the industry to support regulatory implementation by developing workable guidance to concretize the GDPR’s provisions. More flexible than other previously adopted compliance tools, CoCs generated high expectations, particularly in the wake of Schrems II, as a possible solution to address international data transfers and enable legal foreseeability. CoCs have not yet reached their full potential, with only a handful of national CoCs deployed and even less at the pan-European level. However, as the cloud ecosystem leads the way, this panel will explore the background of this sectoral success while highlighting CoC’s benefits, as well as their limitations.

What you will learn:

• How to understand the relevancy of CoCs in a post-GDPR, post-Schrems II era.

• What CoCs can bring to an ecosystem, as well as what they should not be pursued for.

• The future of international data transfers amid emerging data protection systems at global levels.

More information.

Très heureux d’avoir accueilli ce matin en nos locaux GEOTAB pour la conférence « Flottes connectées, réglementation et expériences réussies », modérée par François Denis, Directeur Général France GEOTAB.

Claude-Etienne Armingaud, CIPP/E, associé Protection des données, nous a exposé les enjeux du droit des données à caractère personnel en lien avec les véhicules connectés.

Pascal Six, Business Development Manager, a retracé la manière dont GEOTAB a développé et continue d’adapter son offre, dans le respect des lois applicables en matière de protection des données à caractère personnel.

Pour terminer, Bertrand MATHIEU Directeur des Opérations VAC / Hardouin Loc, nous a fait part de son expérience client réussie avec GEOTAB.

Merci aux intervenants et participants !

Claude-Etienne, Armingaud, Associé
K&L Gates

Stéphane Bonifassi, Associé fondateur
Bonifassi Avocats

Les options d’examen et d’analyse assistées par la technologie sont de plus en plus utilisées dans les enquêtes internes et externes, notamment par les multinationales. L’utilisation de l’analyse des données peut apporter efficacité, précision et réduction des coûts. Cependant, le croisement entre le droit et la technologie soulève des préoccupations uniques en matière de protection de la vie privée et d’autres questions juridiques lors des enquêtes internes et externes : cette session permettra de vous mettre à niveau. Les sujets de discussion incluront :

  • Étudier la manière dont l’analyse des données et la découverte électronique peuvent aider les enquêtes multinationales.
  • Comprendre vos obligations selon la loi Schrems II, le RGPD et d’autres législations.
  • Apprendre les meilleures pratiques pour se conformer à ces obligations lors des enquêtes internes ou externes, de la diligence raisonnable et de la dénonciation des dysfonctionnements.
  • Comparer et intégrer des lignes directrices de la CNIL et du Conseil européen de la protection des données, entre autres.
  • Déterminer l’impact de la proposition de cadre transatlantique pour la protection des données sur votre pratique quotidienne.

Plus d’information

Join us on 19 January 2022 – 1.30pm GMT

Host – Paul Hampton, Senior Product Manager, Thales

Speakers :

  • Stewart Room, Partner, Global Head of Data Protection & Cyber Security, DWF
  • Claude-Étienne Armingaud, CIPP/E, Partner – Practice Group Coordinator | Data Protection, Privacy and Security, K&L Gates LLP
  • Ray Walshe, Director and EU Observatory for ICT Standards, Dublin City University

Most organisations have felt the impact of accelerating their cloud adoption strategies in the past two years. While beneficial to the enterprise in numerous areas, such as faster application development, combined with the ability to experiment and quickly leverage elasticity and resiliency, these benefits have also brought significant new security challenges.

Today, enterprises are grappling with security issues never before faced or addressed. The debate of shared responsibility between provider and customer, data sovereignty, the utopian cloud environment and the constant changing of threat models to name a few.

This session will draw on the recent findings of the 2021 Thales Cloud Security Report to discuss how European enterprises are handling the data security repercussions of an accelerated cloud deployment.

Areas for Discussion

• The widespread use of SaaS within the enterprise

• Cloud complexity with ‘lift & shift’, multicloud, and hybrid

• Encryption in the cloud is not as widespread as enterprises think

• How successful are enterprises in maintaining compliance and avoiding breaches in the cloud

• Who owns responsibility for the security of data in the cloud

More information and registration here

On a first day packed with fascinating insight at PrivSec Global, experts explored lessons that enterprise organisations have learned from the first three years of the GDPR.


GDPR fines have been increasing over the last 18 months, and it is proving to be a complex environment for the regulators and the regulated. But GDPR has not led to seismic changes (the possibility of entirely new operating models, for example), but has had a major effect on the ways organizations collect and use data. This panel will discuss the last few years and look ahead to gauge what we have learned and how things will and should change.

Speakers Include:

Jacob Høedt Larsen, Head of Communications, Wired Relations

Andreea Lisievici, Head of Data Protection Compliance, Volvo Car Corporation

Claude-Etienne Armingaud, CIPP/E, Partner & Practice Group Coordinator – Technology, Sourcing and Privacy, K&L Gates

More information.

We are currently experiencing an interesting time in our economy around the future of work. In describing the future of work, there are four main aspects that come into play: (i) People will be able to work remotely and with flexible schedules; (ii) New industries and jobs will be created complementary to technology; (iii) There will be more entrepreneurship and self-employment; and (iv) Due to technology advancements, there will be fewer jobs that require humans.

Against this backdrop, the COVID-19 outbreak pointed out that these new working norms are going to become the future. In fact, more and more companies wonder whether people can work effectively and achieve a level of work-life balance in light of these new working conditions. At the same time, there is considerable research showing that diversity can be the answer to these considerations, leading to a significant performance advantage.

As law firms around the world have been forced into an unplanned experiment with remote and flexible working, the webinar will aim to explore what the new COVID-19 reality means for the workforce and how can they embrace the pandemic’s opportunities for learning and thriving in the workplace.

Les 12 et 13 février 2020, l’IAPP organise sa conférence “Data Protection Intensive: France” — retrouvez nous lors du panel “Global Developments: CCPA and Beyond” avec Delphine Charlot de Mastercard et les meilleurs moments ci-dessous: