Fabrice Naftalski

Attorney at law Partner, Global Head of Data Protection Law Practice
EY, société d'avocats
Participates in 5 items

EN

As EY Global Head of Data Protection Law Practice, Fabrice Naftalski, Partner and Attorney at Ernst & Young Société d’Avocats in Paris, works on contractual and regulatory projects in connection with the use of Information Technology and also on transactions dealing with intangibles. He assists its clients at European and international levels in the development and implementation of data protection compliance programs (including inventory of data files, compliance audit and privacy impact assessment (including in the field of AI), development of personal data management procedures (including Binding Corporate Rules and other tools to secure transfers), performance of transfer impact assessment (TIA), GDPR roadmap, preparation and implementation). He serves clients from Pharma, Media and Technology industries, non-profit organizations, industrial groups (including airplane, automotive, Cosmetic and Luxury industry) , banking and insurance sectors, the EU Commission and local governments. He advised EU Commission (DJ Justice/ Data protection Unit).

and EU Parliament on regulation 2018/1725 (data protection legal framework for EU institutions and agencies aligning the rules with GDPR) and performed Data Protection Pillar Assessment for International organisations, local governments and for the EU Commission.

Fabrice graduated from English and North American Business Law University Panthéon/Sorbonne in Paris) (DEA) and held Paris Bar speciality in Information Technology & Telecom law. (International Association of Privacy Professionals).Fabrice is also, CIPP/E & CIPM holder (certification delivered by the (International Association of Privacy Professionals), member of Europrivacy International Board of Experts in Data Protection and europrivacy expert for GDPR certification.

FR

Fabrice Naftalski a 23 ans d'expérience en cabinet d’avocats. Il dirige la practice mondiale d’EY Law en droit de la protection des données personnelles et l’équipe droit du numérique d’EY, société d’avocats. Il intervient sur les problématiques réglementaires et contractuelles liées à l’utilisation des technologies de l’information (Protection des données personnelles et privacy, développement et déploiement de programmes de conformité GDPR, études d’impact, contrats informatiques, outsourcing, dématérialisation, internet, Binding Corporate Rules, chartes informatique et internet…) ainsi qu’en droit de la propriété intellectuelle, notamment dans le cadre d’opérations transactionnelles sur des incorporels (technologies, signes distinctifs, logiciels, fichiers, savoir-faire…).Fabrice est également expert europrivacy et expert légal homologué EuroPrise. Il est également Titulaire du CIPP/E (Certified Information Privacy Professional/Europe) délivré par l’IAPP (International Association of Privacy Professionals). impliquant des experts en gestion des risques, en sécurité informatique, en évaluations et transactions, afin d’apporter des solutions intégrées.

Sessions in which Fabrice Naftalski participates

Tuesday 13 May, 2025

Time Zone: (GMT+01:00) Rome
Measuring Compliance Value: Which Metrics, Which Methodology?
Scuola Grande S.G. Evangelista - Sala Guarana
9:00 AM - 9:45 AM | 45 minutes
Socio-economic Perspective
CertificationCross-border data transfers

The session will begin with the presentation of research work on the evaluation of the benefits of compliance (combining costs, returns, gains of compliance analysis). The objective will be then to discuss on the KPIs that can be used to measure the positive returns of compliance by incorporating the perspectives of stakeholders who advocate, monitor, implement, control, or finance compliance actions. 

Valuing and Monetizing Compliance: Tools and Stakeholders
Scuola Grande S.G. Evangelista - Sala Guarana
9:45 AM - 10:30 AM | 45 minutes
Socio-economic Perspective
Certification

This panel aims to present the GDPR certification art. 42 (Europrivacy) and the vision of financial auditors (e.g. ISA 250 standard and the PCAOB approach), and will invite other stakeholders as a rating agency, a financial regulator, and digital rights agency to give their perspectives. 

Thursday 15 May, 2025

Time Zone: (GMT+01:00) Rome
How International Organizations with Immunity Approach Privacy
Scuola Grande S.G. Evangelista - Salone
11:00 AM - 12:00 PM | 1 hour
Data Regulations in Practice
International CooperationCross-border data transfersEnforcement
European Data Protection Seal Certifications - Lessons Learned and Evolution
Ca' Dolfin - Aula Magna
2:00 PM - 3:00 PM | 1 hour
Data Protection Certification
CertificationRegulatory evolutionData regulation in practiceCross-border data transfersInterpretation available

The European Data Protection Seal is a golden standard for demonstrating compliance, helping organizations navigate the complex world of GDPR. With Europrivacy officially recognized as a European Data Protection Seal, certification is no longer a theoretical idea but a tangible reality. In this engaging session, the distinguished panel of speakers will explore the impact of certifications, the lessons learned from ...

Friday 16 May, 2025

Time Zone: (GMT+01:00) Rome
The role of DPOs in AI Governance
Scuola Grande S.G. Evangelista - Sala Guarana
9:00 AM - 10:30 AM | 1 hour 30 minutes
DPO Cooperation
Artificial IntelligenceInterpretation available

This unique session explores the evolving responsibilities of DPOs in the field of AI governance, focusing on the challenges, ethical dilemmas, and opportunities that come with overseeing AI systems that may impact personal data. Join the panel for a forward-thinking discussion about how DPOs can steer the future of AI governance while staying true to their core mission of data protection.