Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.
In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:
- GDPR gap assessment and compliance programs
- Data breach management and notification
- Database creation, international transfers (Privacy Shield, BCR and Model clauses), cloud, HR data (including employee monitoring), marketing usage, health data, financial-related services, etc.
- Whistleblowing (including new mandatory requirement effective 1 January 2018)
- Contract negotiations
- Relations and registrations with the French data protection authority, the CNIL
The Intellectual Property & Technology Practice of the Paris office encompasses advising on, drafting and negotiating contracts in the following areas:
- Commercial contracts, including distribution agreements, services and supply agreements, advertising agreements, logistic agreements, general conditions of sales and sponsoring agreements
- Joint ventures, transfer of businesses, assets or licenses
- French regulations applying to commercial businesses, including e-commerce such as consumer protection, competition, advertising, product liability, abrupt termination of ongoing commercial relationships, distance sales, on or offline gaming and lotteries, and use of French language
- IT, media and telecom contracts and outsourcing
- Communication and media regulations
- French anticorruption regulation (including compliance programs required since 2017), UKBA and FCPA
- Relationship with regulators such as the DGCCRF (in charge of consumer protection and competition in France) and the CSC (Commission of Safety for Consumers), as well as the ARCEP (French regulator of the electronic communications and postal sectors)
Her commercial practice also includes conflicts and pre-litigation situations.
Stephanie also provides vocational and client training on regulatory or contractual matters. She is a speaker at the Law School of University of Paris II Panthéon-Assas for its “Diplôme d'université de la protection des données – Data Protection Officer (DPO)” (Data protection – DPO university degree) aimed at training future DPOs under the new European General Data Protection Regulation (GDPR). The degree is open to professionals who already have a first experience.
Stephanie is a member of IAPP, French Privacy associations AFCDP and ADPO and ICC’s Commissions on Digital Economy and Corporate Responsibility and Anti-corruption.
Stephanie regularly writes articles in French and in English, on both the firm’s blogs and with specialised press. She has also spoken at various conferences in the UK, France, Brussels and the Middle East.
More Legal and Business Bylines From Stéphanie Faber
- Territorial Scope of the GDPR Following EDPB’s Final Guidelines (Part 1) - (Posted On Thursday, December 12, 2019)
- Claims Against the CNIL’s Decision to Grant an Adaptation Period for Compliance on Cookie Consent Rules Dismissed - (Posted On Thursday, October 17, 2019)
- No More Games! The CNIL Publishes its 2018 and 2019 Activity Report - (Posted On Wednesday, May 15, 2019)
- EDPB Guidelines on Contract as a Legal Basis for Processing: No Hotchpotch Allowed! - (Posted On Tuesday, April 30, 2019)
- European Commission Announces Provisional Agreement on Whistleblower Directive - (Posted On Thursday, March 21, 2019)
- “Platform to Business” Draft Regulation Announced - (Posted On Tuesday, March 19, 2019)
- Understanding the Layered Approach to International Data Transfers Under GDPR - (Posted On Wednesday, February 20, 2019)
- France’s New Investment Control in the Cybersecurity and Technology Sectors - (Posted On Thursday, January 24, 2019)
- Does the GDPR Allow for the Use of Consent for the International Transfer of Data? - (Posted On Monday, January 07, 2019)
- EDPB Publishes Draft Guidelines on the Territorial Scope of the GDPR’s Article 3 - (Posted On Thursday, November 29, 2018)