Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.
In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:
- GDPR gap assessment and compliance programs
- Data breach management and notification
- Database creation, international transfers (Privacy Shield, BCR and Model clauses), cloud, HR data (including employee monitoring), marketing usage, health data, financial-related services, etc.
- Whistleblowing (including new mandatory requirement effective 1 January 2018)
- Contract negotiations
- Relations and registrations with the French data protection authority, the CNIL
The Intellectual Property & Technology Practice of the Paris office encompasses advising on, drafting and negotiating contracts in the following areas:
- Commercial contracts, including distribution agreements, services and supply agreements, advertising agreements, logistic agreements, general conditions of sales and sponsoring agreements
- Joint ventures, transfer of businesses, assets or licenses
- French regulations applying to commercial businesses, including e-commerce such as consumer protection, competition, advertising, product liability, abrupt termination of ongoing commercial relationships, distance sales, on or offline gaming and lotteries, and use of French language
- IT, media and telecom contracts and outsourcing
- Communication and media regulations
- French anticorruption regulation (including compliance programs required since 2017), UKBA and FCPA
- Relationship with regulators such as the DGCCRF (in charge of consumer protection and competition in France) and the CSC (Commission of Safety for Consumers), as well as the ARCEP (French regulator of the electronic communications and postal sectors)
Her commercial practice also includes conflicts and pre-litigation situations.
Stephanie also provides vocational and client training on regulatory or contractual matters. She is a speaker at the Law School of University of Paris II Panthéon-Assas for its “Diplôme d'université de la protection des données – Data Protection Officer (DPO)” (Data protection – DPO university degree) aimed at training future DPOs under the new European General Data Protection Regulation (GDPR). The degree is open to professionals who already have a first experience.
Stephanie is a member of IAPP, French Privacy associations AFCDP and ADPO and ICC’s Commissions on Digital Economy and Corporate Responsibility and Anti-corruption.
Stephanie regularly writes articles in French and in English, on both the firm’s blogs and with specialised press. She has also spoken at various conferences in the UK, France, Brussels and the Middle East.
More Legal and Business Bylines From Stéphanie Faber
- Watch Out for These Very Important Documents on “Transfers” and “Processing” of Personal Data - (Posted On Wednesday, November 18, 2020)
- What is New in the EDPB’s Draft Guidelines on Controllers and Processors Under the GDPR? (Part 3) - (Posted On Wednesday, October 21, 2020)
- What’s New in the EDPB’s Draft Guidelines on Controllers and Processors Under the GDPR? (Part 2) - (Posted On Thursday, October 15, 2020)
- What’s New in the EDPB’s Draft Guidelines on Controllers and Processors Under the GDPR? (Part 1) - (Posted On Monday, October 12, 2020)
- CNIL Terms of Reference for HR Management - (Posted On Tuesday, April 21, 2020)
- Recommendations by the CNIL in the Context of COVID-19 - (Posted On Monday, March 16, 2020)
- Final Call to Participate in the CNIL’s Consultation on Cookies Rules - (Posted On Monday, February 24, 2020)
- Public Consultation in France on the Transposition of the European Electronic Communications Code (Directive 2018/1972 of December 11, 2018) - (Posted On Friday, February 14, 2020)
- Use of the Social Security Number in France - (Posted On Friday, January 24, 2020)
- Territorial Scope of the GDPR Following EDPB’s Final Guidelines (Part 2) - (Posted On Monday, December 16, 2019)