Mathilde Gérot, Esq., Data Protection Lawyer at Paris 8

Data protection is a top priority

Does your business need to comply with the General Data Protection Regulation (GDPR)? Are you facing an audit by the CNIL or a complaint? Are you handling a security incident involving personal data?

Since the GDPR came into effect in 2018, personal data protection has become a major strategic issue for all businesses. Between complex compliance requirements, financial penalties of up to 4% of global revenue, and increased scrutiny from consumers and regulatory authorities, navigating this demanding legal environment requires specialized expertise and a pragmatic approach.

The Challenges Facing Businesses

The General Data Protection Regulation (GDPR) imposes specific obligations on any organization that processes personal data: establishing a legal basis for each processing activity, adhering to the principles of data minimization and purpose limitation, respecting individuals’ rights, implementing security measures, documenting compliance, and reporting data breaches within 72 hours.

The risks involved

Companies that fail to comply with the GDPR risk:

  • Massive financial penalties: up to 20 million euros or 4% of global annual revenue;
  • Binding corrective measures: suspension of proceedings, injunctions subject to a penalty payment;
  • Damage to reputation: publicity surrounding the sanctions, loss of customer confidence;
  • Liability claims: compensation for individuals whose data has been compromised.

Compliance as a Competitive Advantage

Beyond the risks, effective management of personal data builds customer trust, strengthens your business relationships, and sets you apart from your competitors.

My Services

Compliance Audit

  • A comprehensive overview of your personal data processing activities;
  • Mapping your data flows;
  • Risk assessment and prioritization of actions.

Compliance Support

  • Development of a personalized action plan;
  • Drafting your data processing register;
  • Drafting your privacy policies and legal notices;
  • Implementation of procedures for managing individuals' rights;
  • Drafting your subcontracting agreements in compliance with the GDPR;
  • Training for your teams.

Strategic and Operational Consulting

  • GDPR analysis of your new products and services (privacy by design);
  • Guidance on international data transfers;
  • Legal compliance for your digital marketing activities;
  • Support in your dealings with subcontractors.

Immediate response in the event of a cyberattack or data breach

  • Legal classification of the incident;
  • Advice on the obligation to notify the CNIL (within 72 hours);
  • Drafting the notification to the authority;
  • Advice on communicating with those affected;
  • Crisis communication management.

Defense Against Inspections and Penalties

  • Support during CNIL inspections;
  • Response to formal notices;
  • Representation in disciplinary proceedings;
  • Appeals against decisions by the CNIL.

Complaint Management

  • Handling complaints referred by the CNIL;
  • Negotiation with the authorities;
  • Representing your interests throughout the proceedings.


Real-life examples



"We have received a formal notice from the CNIL following a complaint"

A customer or employee has filed a complaint with the CNIL. I can help you analyze the allegations, prepare a well-reasoned response, and implement the necessary corrective measures within the required timeframe.



"We have just been the victim of a cyberattack involving the theft of customer data"

I will step in immediately to assess the incident, determine your reporting obligations, draft the report to the CNIL within 72 hours, file a complaint if necessary, and advise you on the best course of communication.



"The CNIL has notified us of an on-site inspection"

I will help you prepare for the audit, advise you on the documents to submit, assist you during the audit process, and serve as your point of contact with CNIL officials.



"We're launching a new app and need to be GDPR-compliant from the start"

I analyze your project from the very beginning (privacy by design), help you incorporate GDPR compliance into the development process, and draft your legal documents.

My coaching approach

Legal strategy for growing businesses

A pragmatic, business-focused approach

My experience allows me to balance legal requirements with operational realities. I help you find solutions tailored to your business, its size, and your resources.

Technical and legal expertise

I understand your information systems, business processes, and technological constraints, which allows me to offer you realistic and effective solutions.

Responsiveness and availability

When it comes to personal data, time is often of the essence. I am committed to responding promptly and meeting critical deadlines.
