Stephanie Faber heads the Data Privacy & Cybersecurity Group and Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

    In relation to the Data Privacy & Cybersecurity Group, Stephanie advises on:

    • GDPR gap assessment and compliance programs
    • Data breach management and notification
    • Database creation, international transfers (Privacy Shield, BCR and Model clauses), cloud, HR data (including employee monitoring), marketing usage, health data, financial-related services, etc.
    • Whistleblowing (including new mandatory requirement effective 1 January 2018)
    • Contract negotiations
    • Relations and registrations with the French data protection authority, the CNIL

    The Intellectual Property & Technology Practice of the Paris office encompasses advising on, drafting and negotiating contracts in the following areas:

    • Commercial contracts, including distribution agreements, services and supply agreements, advertising agreements, logistic agreements, general conditions of sales and sponsoring agreements
    • Joint ventures, transfer of businesses, assets or licenses
    • French regulations applying to commercial businesses, including e-commerce such as consumer protection, competition, advertising, product liability, abrupt termination of ongoing commercial relationships, distance sales, on or offline gaming and lotteries, and use of French language
    • IT, media and telecom contracts and outsourcing
    • Communication and media regulations
    • French anticorruption regulation (including compliance programs required since 2017), UKBA and FCPA
    • Relationship with regulators such as the DGCCRF (in charge of consumer protection and competition in France) and the CSC (Commission of Safety for Consumers), as well as the ARCEP (French regulator of the electronic communications and postal sectors)

    Her commercial practice also includes conflicts and pre-litigation situations.

    Stephanie also provides vocational and client training on regulatory or contractual matters. She is a speaker at the Law School of University of Paris II Panthéon-Assas for its "Diplôme d'université de la protection des données – Data Protection Officer (DPO)" (Data protection – DPO university degree) aimed at training future DPOs under the new European General Data Protection Regulation (GDPR). The degree is open to professionals who already have a first experience.

    Stephanie is a member of IAPP, French Privacy associations AFCDP and ADPO and ICC's Commissions on Digital Economy and Corporate Responsibility and Anti-corruption.

    Stephanie regularly writes articles in French and in English, on both the firm's blogs and with specialised press. She has also spoken at various conferences in the UK, France, Brussels and the Middle East.

    Award Mouse thought multimedia interface book medal screen monitor


    • Eberhard Karls University, Tubingen, LL.M., German Law
    • Université Paris IX – Dauphine, DEA, de Droit économique et social
    • Panthéon-Sorbonne University, Maîtrise, en Droit International des Affaires


    • Paris, 1995


    • French
    • English
    • German

    {{}} {{insights.source}} {{insights.type}}
    {{blog.title}} {{blog.source}}


    • "The French data protection authority’s consultation in Cloud Computing", La Revue, October 2011
    • "French implementation of the European directive on cookies and e-privacy", La Revue, August 2011
    • "A breath of fresh air for French service providers: notification exemption (dispense de déclaration) N° 15", La Revue, February 2011
    • "CNIL conducted more inspections, ordered first processing halt in 2010", World Data Protection Report, December 2011
    • "France’s CNIL finally able to award labels to mark compliance with Data Protection Act", World Data Protection Report, November 2011
    • "The reasoning behind the French Data Protection Authority’s Record against Google", World Data Protection Report, May 2011
    • "CNIL’s powers revised under newly adopted law", World Data Protection Report, May 2011

    Speaking Engagements

    • Presenter, “ICC business views on the reform of the French ACT N°78-17 of 6 January 1978 on information technology, data files and civil liberties”, French National Assembly, 18 January 2018.
    Award Mouse thought multimedia interface book medal screen monitor