I have devoted the past eight years of my practice to serving as a Data Protection Consultant, helping a variety of companies and governmental organisations comply with European Union, French and Spanish data protection and privacy requirements.
✲ Advice on data protection requirements: European Union, France and Spain
✲ Data protection audit
✲ Website audit
✲ GDPR compliance:
. Assessing your current data protection programme,
. Elaborating an Action Plan for your GDPR compliance roadmap,
. Elaboration of organizational procedures according to GDPR (data breach notification procedure, management of data-subject rights’ requests, etc.),
. Data protection impact assessments (DPIA),
. Legitimate interest assessments (LIA)
✲ External DPO (France) – Acting as a Data Protection Officer on behalf of your organization, according to the GDPR’s mandate.
✲ DPO support (France and Spain)
A few of the most complex issues in the field are the reuse of health data, the legitimation of data transfers, and the determination of the roles of organizations engaging in clinical research. Moreover, the fragmentation of legislation at the national level within the EU makes it harder for organisations to carry out transnational clinical research. But thanks to my work with an EU patient organization and an American sponsor, I am well versed in the requirements related to data sharing in clinical research.
I have answered queries and offered informational sessions to senior managers of companies on the monitoring of email and the monitoring of employee behaviour by way of digital devices in the workplace.
I co-teach a course on Cybersecurity law at the ESADE Business School (Spain) and I am often invited to speak at webinars and conferences on privacy and data protection matters around the world.
Feel free to contact me to speak at your school or at your next event. I am fluent in English, French and Spanish.
Data protection courses tailored to your needs
✲ Provide professionals with specialized training on data protection law and assistance in preparation for the CIPP/E professional certificate (2020 - Present)
✲ Provided training on data protection law to civil servants working for public institutions in a Spanish region (2008).
✲ Co-teach a course on cybersecurity law at ESADE Business School, Spain (2018 - Present)
✲ Helped develop a data protection course for the legal publisher Lefebvre-Sarrut (2019)
Latest presentations as a guest speaker:
✲ Johnson County Community College, USA
. Geolocation: what are the privacy risks? (March 2023)
. Cybersecurity for legal professionals (March 2023)
. Introduction to cybersecurity law (EU and US) (Oct. 2022)
. The EU-US Comparative Legal Framework: The Processing of Biometric Data (March 2022)
✲ University of Santiago, Chile
. There Is No Rule without an Exception: Key Aspects and Practical Examples of Health Data Processing According to the GDPR (Dec. 2021)
✲ ISACA Greater Houston Chapter, USA
. A brief review of the NIS2 Directive (Feb. 2023)
. How to handle data subject rights. Lessons from practical examples (Dec. 2022)
✲ AFCDP, University of DPOs, France
. European Data Protection Board 2020-2021: What recommendations for data subject rights management? (April 2022)
✲ IAPP Virtual KnowledgeNet, Romanian Chapter, Romania
. Cybersecurity and Privacy (March 2022)
✲ OneTrust Privacy Connect, Spain
. Artificial Intelligence and Privacy: The New European Proposal and the Status of Facial Recognition (Oct 2021)
✲ PrivSec Global, UK
. How Do Data Protection Regulations Apply to AI? And Is GDPR Ready for Facial Recognition? (June 2021)