The entry into force in May 2018 of the European Data Protection Regulation (GDPR) is a priority issue for all private and public market players (companies, administrations, associations, etc.). The European text imposes new approaches with which to regulate and protect personal data through the principleof accountability, the creation of a Data Protection Officer, attention to risk-based processing, with appropriate mechanisms, and provides for a significant increase in the levels of sanction applicable in the event of data breaches.

Compliance with the GDPR and the Data Protection Act in its revised version must also go hand in hand with an analysis of data governance or the strategies for their collection and use. 

In order to provide its clients with tools that meet their needs and their development, DEROULEZ AVOCAT offers three specific GDPR compliance packages:




The ACCOMPANIED AUDIT package includes: 

  1. the completion of a legal audit 

  2. the implementation of an action plan.

1. The GDPR legal audit identifies:

  • The personal data processing operations

  • The purposes and the legal basis of the processing operations;

  • The risks related to the processing of personal data;

  • Data flows outside the European Union;

  • Specific risks to privacy;

  • The data controllers and data processors;

  • Information Technology and Civil Liberties documentation. 

The audit is carried out according to the client's wishes, on site and remotely, using all the technological tools enabling a comprehensive and effective approach.

2. The action plan lists the objectives to be achieved and the tools required to do so:

  • Information Technology and Civil Liberties documentation.

  • The register of processing operations:

  • The Data Protection Officer (DPO);

  • Impact studies;

  • The security of personal data;

  • The privacy policy;

  • Information for and exercising the rights of the data subjects;

  • Consent

The action plan is presented and applied to optimize the awareness-raising and training of the staff concerned.

The entry into force of the European regulation on data protection (GDPR) and the revision of the Information Technology and Civil Liberties law require new approaches to regulate and protect personal data.

DEROULEZ AVOCAT also provides an "Accompanied Compliance" package to support its clients in practical terms.

The package includes:

  • Assistance and advice for setting up the DPO, whether outsourced or not

  • The revision and redrafting of Information Technology and Civil Liberties documentation (registry, impact study, notification of security breaches, data security, Information Technology and Civil Liberties charter, privacy policy etc.);

  • The implementation of GDPR tools: impact study, notification of security breaches;

  • The mechanisms enabling the persons concerned to exercise their rights.

  • The updating of the Information Technology and Civil Liberties clauses in mandates and contracts;

  • Review of website disclaimers;

In addition to these packages, DEROULEZ AVOCAT supports its clients through dedicated awareness and training sessions in all types of formats for all types of audiences.

"GDPR Compliance +" package 

The GDPR compliance of companies and organizations is a priority. In addition to auditing and assessment tools, DEROULEZ AVOCAT is also committed to providing its clients with daily assistance and support. 

To do so, the firm has created a dedicated support tool: GDPR COMPLIANCE +.

GDPR COMPLIANCE + is an online subscription plan that allows the firm's clients to:

  • send a question related to GDPR compliance or personal data law in writing or by telephone, and

  • receive the Law firm's answer within 72 hours.  

Each reply, which is the result of a detailed analysis beforehand, is handled by a lawyer.  

GDPR COMPLIANCE PLUS is a complementary tool to proactively secure a client's legal and regulatory environment in addition to more comprehensive support. 

Find our latest articles


jd (2).jpg

DEROULEZ AVOCAT was created by Jérôme Deroulez, a Lawyer at the Paris and Brussels Bars.

A former magistrate, Jérôme Deroulez has also served as an investigative judge. He was then in charge of European and international negotiations for the French Ministry of Justice. Counsel for the Permanent Representation of France in Brussels from 2009 to 2013, Jérôme Deroulez participated in the negotiations of European texts and international agreements in the field of personal data protection, private international law and judicial cooperation in penal matters. He has also acquired detailed knowledge of the French public administration.

Jérôme Deroulez has developed specific expertise in personal data law in France and Europe backed by his experience and practice. He accompanies clients in their compliance and data issues every day.

Jérôme Deroulez is a member of the Brussels and Paris Bar Legal Tech Incubators. He is also particularly involved in the Privacy Tech for which he is the general delegate. He is also a member of the French association of Data Protection Officers (AFCDP), the French Professional Group for BtoB Information and Knowledge (GFII) and the European Alliance for Artificial Intelligence (European Commission).


Practical Information

26, avenue de la Grande Armée
75017 Paris
Tél : 01 85 08 54 76

_D3X6187 (1).jpg