Personal data protection

Information governance

Thibault Soyer began his career with the best French and international law firms specialised in information and communication technologies law. He has transversal expertise in telecoms and IT law to advise you in harmonising and updating your procedures in compliance with both technical evolutions and those of local and European legislation.

He acts in both an advisory capacity and in contentious matters on all issues relating to personal data protection, a sensitive area of law to which business managers should pay particular attention, especially in the context of the GDPR (General Data Protection Regulation).


Practice areas

Soyer & Soyer advises companies from all sectors and of all sizes with respect to their compliance programmes: audits, data retention, confidentiality policies, data breaches,, audits and contractual solutions in connection with international data transfers (BCRs, ad-hoc/intra-group data transfer agreements, standard contractual clauses), as well as with respect to complex financial inquiries, due diligence, e-discovery, relations with personal data protection authorities Commission Nationale Informatique et Libertés (French data protection authority (CNIL)) etc.

Our expertise in personal data protection is concentrated on advisory matters and the contentious matters with the CNIL, acquired through advising both multinational groups and innovative companies with regards to compliance with regulations covering a wide range of sectors including advanced technologies, telecommunications, banking and finance and healthcare.

Types de missions

  • Advising a GPS manufacturer regarding their data protection compliance (intragroup data transfer agreement, relations with the French DPA, GDPR compliance);
  • Advising Globus/Cosmos (tourism group) entities with respect to GDPR compliance;
  • Advising Trainline International Ltd. (and Captain Train, new French subsidiary) regarding their French data protection compliance program, personal data collection/ processing activities and direct marketing compliance;
  • Advising CareerBuilder LLC in the context of the analysis of a new recruitment tool re. French data protection compliance;
  • Analysis of the compliance of a large e-commerce platform in light of data protection and commercial/consumer regulations;
  • Advising a major software and operating systems publisher in respect of the deployment of its BCRs (the company’s code of good practice in transfers of personal data);
  • Advising one of the leading Internet recruitment firms in relation to the deployment of a mechanism for which compliance was required with French personal data protection regulations.



Data brokers, startups, companies recognised in the social media sector, software publishers, manufacturers of video game consoles, cloud and health data hosting services, international telecommunications operators and MVNOs.


Let's keep in touch

Leave us your details using the form and we shall contact you as soon as possible!