Fabrice Naftalski
EN
As EY Global Head of Data Protection Law Practice, Fabrice Naftalski, Partner and Attorney at Ernst & Young Société d’Avocats in Paris, works on contractual and regulatory projects in connection with the use of Information Technology and also on transactions dealing with intangibles. He assists its clients at European and international levels in the development and implementation of data protection compliance programs (including inventory of data files, compliance audit and privacy impact assessment (including in the field of AI), development of personal data management procedures (including Binding Corporate Rules and other tools to secure transfers), performance of transfer impact assessment (TIA), GDPR roadmap, preparation and implementation). He serves clients from Pharma, Media and Technology industries, non-profit organizations, industrial groups (including airplane, automotive, Cosmetic and Luxury industry) , banking and insurance sectors, the EU Commission and local governments. He advised EU Commission (DJ Justice/ Data protection Unit).
and EU Parliament on regulation 2018/1725 (data protection legal framework for EU institutions and agencies aligning the rules with GDPR) and performed Data Protection Pillar Assessment for International organisations, local governments and for the EU Commission.
Fabrice graduated from English and North American Business Law University Panthéon/Sorbonne in Paris) (DEA) and held Paris Bar speciality in Information Technology & Telecom law. (International Association of Privacy Professionals).Fabrice is also, CIPP/E & CIPM holder (certification delivered by the (International Association of Privacy Professionals), member of Europrivacy International Board of Experts in Data Protection and europrivacy expert for GDPR certification.
FR
Fabrice Naftalski a 23 ans d'expérience en cabinet d’avocats. Il dirige la practice mondiale d’EY Law en droit de la protection des données personnelles et l’équipe droit du numérique d’EY, société d’avocats. Il intervient sur les problématiques réglementaires et contractuelles liées à l’utilisation des technologies de l’information (Protection des données personnelles et privacy, développement et déploiement de programmes de conformité GDPR, études d’impact, contrats informatiques, outsourcing, dématérialisation, internet, Binding Corporate Rules, chartes informatique et internet…) ainsi qu’en droit de la propriété intellectuelle, notamment dans le cadre d’opérations transactionnelles sur des incorporels (technologies, signes distinctifs, logiciels, fichiers, savoir-faire…).Fabrice est également expert europrivacy et expert légal homologué EuroPrise. Il est également Titulaire du CIPP/E (Certified Information Privacy Professional/Europe) délivré par l’IAPP (International Association of Privacy Professionals). impliquant des experts en gestion des risques, en sécurité informatique, en évaluations et transactions, afin d’apporter des solutions intégrées.
Sessions in which Fabrice Naftalski participates
quinta-feira 20 junho, 2019
terça-feira 5 abril, 2022
quarta-feira 6 abril, 2022
Session in English interpreted into Italian / Sessione in inglese con la traduzione in italiano
quinta-feira 7 abril, 2022
quinta-feira 20 abril, 2023
quarta-feira 12 junho, 2024
Introduction The speakers on this panel will embark on a comprehensive exploration of the diverse mechanisms available to safeguard data, such as Certification, Standard Contractual Clauses (SCC), Binding Corporate Rules (BCR), and Codes of Conduct (CC). With the use of digital technologies and cross-border data flows, organizations and professionals face mounting pressure to adapt sa...
Introduction With the proliferation of artificial intelligence technologies, challenges are inevitable to ensure that data practices comply with evolving legal requirements while utilizing the potential of AI innovation to the maximum capacity. With this session, the speakers will explore the integration of AI legal frameworks into data protection compliance programs.
quinta-feira 13 junho, 2024
Introduction The panel of this session will examine the significance of cross-border accountability in the field of data processing, in order to ensure accountability and demonstrate compliance with data protection regulations. The speakers will discuss and compare available mechanisms, practices, and regulatory frameworks for enhancing transparency in these activities.
terça-feira 13 maio, 2025
The session will begin with the presentation of research work on the evaluation of the benefits of compliance (combining costs, returns, gains of compliance analysis). The objective will be then to discuss on the KPIs that can be used to measure the positive returns of compliance by incorporating the perspectives of stakeholders who advocate, monitor, implement, control, or finance compliance actions.
This panel aims to present the GDPR certification art. 42 (Europrivacy) and the vision of financial auditors (e.g. ISA 250 standard and the PCAOB approach), and will invite other stakeholders as a rating agency, a financial regulator, and digital rights agency to give their perspectives.
quinta-feira 15 maio, 2025
The European Data Protection Seal is a golden standard for demonstrating compliance, helping organizations navigate the complex world of GDPR. With Europrivacy officially recognized as a European Data Protection Seal, certification is no longer a theoretical idea but a tangible reality. In this engaging session, the distinguished panel of speakers will explore the impact of certifications, the lessons learned from ...
sexta-feira 16 maio, 2025
This unique session explores the evolving responsibilities of DPOs in the field of AI governance, focusing on the challenges, ethical dilemmas, and opportunities that come with overseeing AI systems that may impact personal data. Join the panel for a forward-thinking discussion about how DPOs can steer the future of AI governance while staying true to their core mission of data protection.