Céline M. Guillou

Céline M. Guillou

Céline Guillou’s practice focuses on data privacy law and compliance, with a particular focus on U.S. and European data protection laws and California consumer privacy laws. Céline is a member of Hopkins & Carley’s Corporate Practice in the Palo Alto office.

Céline advises companies on how to proactively and strategically manage their data privacy and security risks across multiple teams and stakeholders. She develops and implements information privacy and security compliance programs for her clients, and her day-to-day practice includes assessing applicable data protection laws and risks, developing internal and consumer-facing policies and notices, drafting and reviewing third-party data protection agreements and developing overall data protection strategies and processes within client organizations. Her practice also includes data breach management/reporting, and, as a former commercial litigator, she advises on information security litigation and regulator enforcement. Because personal information is a valuable asset for so many companies, she also assists the firm’s M&A team in addressing data protection in their transactions.

Céline advises private and public company clients in a wide range of industries, including gaming, property management, B2B, e-commerce, Saas, IoT, and hospitality. She holds a (CIPP/E) certification from the International Association of Privacy Professionals (IAPP), the global standard in privacy certification.

Writing and Speaking

Celine regularly writes on data privacy and security, and frequently speaks at industry group events. She co-founded and co-edits The Privacy Hacker, a Hopkins & Carley blog dedicated to privacy and security, with a particular focus on practical issues.

  • Consumer and B2B privacy-related matters and strategy – coordinate with internal stakeholders to map data flows and assess privacy-related risks
  • Collaboration across multiple functions within client organizations (legal, product, marketing and engineering) to assist with privacy policy and strategy
  • Internal data protection governance and accountability requirements – develop and implement internal information privacy and security policies
  • Client staff information privacy and security training
  • Transparency requirements – develop and implement consumer-facing privacy policies, consent mechanisms and just-in-time notices
  • Third-party due diligence, data protection agreements, audits
  • CCPA/GDPR readiness
  • Data privacy and security litigation
  • Data breach management/reporting


Selected Speaking Engagements

  • How to Comply with the Patchwork of US Privacy Laws, Beginning with CCPA, Lexology Webinar (September 2020)
  • Are you Prepared for All of the New Privacy Laws? (September 2019)
  • Speaker, eTourism Summit (September 2019)
  • CCPA:  It’s Go Time (January 2019)
  • State Bar of California
  • J.D., Columbia University School of Law Masters of Law, University of Paris

Stay up to date on the latest news, alerts, events and legal insights: