Scroll to top of page

GDPR compliance: a team effort with data and legal experts

The GDPRGDPRThe GDPR (General Data Protection Regulation) is the latest European regulation on personal data protection, which was enacted in 2016.Learn more will be enforced in just about one month, which means it’s more than time to take the matter head on! Not sure where to start? You can begin by reading the ICO’s guide “Preparing for the GDPR: 12 Steps To Take Now”.
Whether you are in charge of data processing or a subcontractor, you will likely realise that there is a lengthy to-do list when it comes to compliance with the GDPR: security, legal, organisation, business, and client experience challenges could arise. If you don’t have sufficient internal resources (no legal department, no GDPR-savvy Data Protection Officer), don’t go it alone!

Law firm and data companies: a winning team

Your first thought might be to solicit a law firm when it comes to GDPR compliance. You’re not wrong! But involving someone who is an expert in data strategy can nicely complement legal aid. This is especially true if data is at the heart of your digital strategy and you use specific data processing tools (web analysis, media-buying, reporting, DMPDMPDMPs (Data Management Platforms) are platforms that centralise and aggregate all data related to a brand's campaigns and customers. They can hold all kinds of data - online, offline, media, CRM, first-party, third-party... A DMP allows for the segmentation of audiences and the redistribution of data to other advertising platforms, to which it is connected. It aims at optimising client experience and advertising efficiency. Also note that DMPs generally exclude any media activation data that would make it possible to identify a specific individual (PII).Learn more, etc.) which require full knowledge of their functions and business challenges.

The law firm is ideal for:

  • Helping you to interpret the GDPR and answering questions such as “When must I get user consent?”, “How should I treat the data of prospects vs. clients?”, and “What and how should I communicate with my clients?”
  • Assist you with administrative formalities with your local authority (if needed)
  • Draft or update legal documents (contracts, data protection policies, charters, legal mentions, personal data registers, etc.)
  • Inform your Data Protection Officer (DPO) of his or her new responsibilities.

Simultaneously, the data company can assist with:

  • Completing the preliminary audit and defining an action plan, which includes evaluating preparedness for the GDPR, examining current systems, identifying main steps to be taken, and organising fittingly.
  • Digging deeper in certain technical areas, including examining specific tools (such as your tag management system or web analytics tool), market surveillance (e.g. identifying best practices for retargeting), recommending a procedure of detection and notification for data violation, establishing a data pseudonymisation method (CRM identifier, etc.)
  • Unburdening the legal aid where possible by taking on some of its responsibilities such as mapping personal data, formalising purposes for each instance of data processing, identifying subcontractors, educating/raising awareness about GDPR, suggesting internal and external communications strategies, keeping the record of processing activities, taking the project management in charge, considering the place of “privacy by design” in digital projects, etc.
  • Ensuring that data used for marketing purposes is in compliance with GDPR (for example, for user list creation and e-mail campaigns)

It’s not too late to take steps towards GDPR compliance. Depending on your needs, your industry, and your company’s maturity, decide which players will be best for your team: just a law firm, or a law firm working with a data company, or a data company working with your own legal department. You can combine them as you wish so long as roles are clearly defined and each team member brings its own expertise to the game.

Translated from French by Niamh Cloughley.

Want to learn more? Get in touch!


close legal

À propos

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec a venenatis dolor, non ornare ligula. Nam ultricies elementum tellus, sed pulvinar libero egestas nec. Fusce facilisis nulla vestibulum, commodo neque eget, dapibus lacus. Aliquam neque felis, sagittis nec consequat sed, commodo ac ipsum. Sed neque tortor, semper quis viverra et, malesuada et eros. Donec at dui ut ligula pharetra aliquet. Etiam dapibus semper orci. Integer efficitur dolor tortor, nec mattis elit placerat vel. Ut nulla enim, lacinia in pharetra id, convallis vitae massa. Donec neque est, tincidunt non ullamcorper commodo, tincidunt non turpis. Pellentesque viverra enim a sapien placerat, ut volutpat mauris condimentum. Proin tincidunt sollicitudin dui, sit amet condimentum ante commodo a. Aenean posuere aliquam purus, sed aliquam magna sagittis finibus. Morbi molestie feugiat feugiat. Phasellus tempus in dolor vel maximus. Cras efficitur sagittis lorem porta iaculis. Maecenas sed hendrerit urna. In mattis posuere purus, sit amet placerat arcu posuere quis. Etiam nec arcu nec magna interdum maximus. Integer sit amet lacus neque. Curabitur interdum molestie magna, in scelerisque tellus iaculis sed. Sed nec metus ut purus efficitur laoreet a quis eros. Proin dui dui, dignissim eget risus sit amet, bibendum condimentum velit. Maecenas in justo eu elit eleifend consectetur. Aenean scelerisque fringilla sollicitudin. Nam sem nibh, pharetra nec lacus non, mollis interdum odio. Aliquam sollicitudin posuere nibh sed eleifend.


55 SAS, 5 — 7 rue d'Athènes

75009 Paris

+33 1 76 21 91 37



2, rue Kellermann

59100 Roubaix

+33 8 20 69 87 65


Lan Anh Vu Hong

Crédits photo

Mats Carduner, Adobe Stock & Unsplash

Vous avez aimé nos nouvelles fraîches sur l'état du marché brandtech ? Inscrivez vous à notre newsletter