Make your company
GDPR compliant

Enhance the value of your company’s information assets
with DPO Consulting, a consulting firm specializing in personal data protection

Data protection
accessible to all

DPO Consulting supports you with your GDPR compliance. As a true partner in your development, we accompany you throughout this process. Because a destination is never a place, but a new way of seeing things and “adventure is worthwhile.” – Aristotle

Our solutions
for your GDPR compliance needs




and tools


and expertise


and coaching


Outsourced DPO
and Representation

DPO Consulting
in a few figures

of expertise
in France and abroad
of Expertise

all our news


Our publications

Keep up to date with the latest legal trends and GDPR news.


Our webinars

Find all our webinars on our channel, to be discovered in replay.
We look forward to our live chat!


Our events

Stay informed of our upcoming events. It will be an opportunity to meet and discuss together.

A few words
about DPO Consulting

DPO Consulting, a consulting firm specializing in personal data protection, assists you in the organizational and operational compliance of your institution. Created in 2015, DPO Consulting is a completely independent firm that shares the entrepreneurial spirit of its clients.

Experts in our field, we are versatile and quickly adapt to any type of organization.

choose DPO Consulting?


Pragmatic, adaptable,
responsive, operational



Banking, insurance, health, IT,
industry, public administration

thumb up


Data protection,
big data, IoT, smart city

icône homme


Passionate, dynamic
and versatile

icône message


English, Spanish, Portuguese,
Italian, German



Lawyer, project manager,
IT, training

What is a DPO?

The appointment of a Data Protection Officer (DPO), whether internal or external, is an obligation instituted by the General Data Protection Regulation (GDPR) for all public or private entities that are required to collect, store and/or process the personal data of a natural person. This data controller has different competences and a crucial function to allow their company to be compliant.

In France, the DPO is the successor to the Correspondant Informatique et Libertés (CIL), which simplified formalities with the CNIL and whose appointment was previously optional and whose obligations were more limited. The entry into force of GDPR on May 25, 2018 has given the position of DPO (Data ProtectionOfficer) a key role in the company to protect the personal data of users.

As defined by the CNIL, the European regulation (GDPR) frames the processing and protection of personal data throughout the European Union. Indeed, whether public or private, each organization / company must have the ability to prove that it carries out or has carried out the actions allowing it to be in compliance with GDPR. This includes the appointment of a Data Protection Officer (DPO).

The appointment of a DPO is an obligation in the following cases:

  • You are a public body or authority and
  • The data is subject to processing and it is considered “sensitive”, or
  • The personal data is subject to “large-scale” processing, or
  • Your activity is based on profiling individuals for advertising purposes.

Created even before GDPR (European Data Protection Regulation) came into force, and an expert in its implementation in the European Union and outside, DPO Consulting assists you in setting up actions and processes to enable your structure / company to be fully GDPR compliant. With tools, training and support tailored to your company for the processing and protection of personal data, take advantage of all our skills at your disposal.

The European regulation thus imposes certain measures and missions to the delegate whose role is to:

  • Create and maintain of a personal data processing register,
  • Carry out a Privacy Impact Assessment (PIA) when data processing is likely to cause high risks for individuals and their personal data,
  • Implement ethical processes respecting the principle of Privacy by Design,
  • Collect consent and information on people’s rights,
  • The appointment of an internal or external DPO to apply the rules of GDPR in the above cases.

DPO Consulting supports organizations and companies affected by GDPR throughout their compliance. Small, medium, large companies, all sectors of activity, we strive every day to make data protection easier and accessible to all!

Do you have any questions?
Our team is at your disposal

With several years of experience developed and put into practice with several hundred clients / companies in the field of GDPR, the experts in data protection and data processing at DPO Consulting know how to adapt to your organizations and your sector. The support takes place as close as possible to the practice of your organization / your DPO manager through tools, training …, so that the RGPD is no longer viewed as a constraint, but as an opportunity.

Training, DPO coaching, GDPR compliance audit, outsourcing of your DPO… We provide professionals (companies, local authorities…) with a set of services that will allow your DPO / your company to be fully GDPR compliant.

Users’ rights regarding the processing of personal data

Users whose personal data has been processed have a set of rights provided by the laws in force. Among the rights of individuals:

  • The right to give consent or not to the processing of their data
  • The right to be informed about the collection of their data
  • The right to access their various personal data
  • The right to rectify or delete their personal data
  • The right to limit the processing of their data
  • The right to object to the processing of data (in particular via the cookies set up on the websites)

Other rights are also granted to users, particularly in the context of profiling systems.

Many companies and structures are still not in compliance with the regulation despite its entry into force in 2018. And yet in the event of an inspection by the Commission Nationale de l’Informatique et des Libertés (the CNIL), non-compliance with GDPR exposes you to:

  • A fine of up to several million euros
  • A suspension of personal data flows
  • An administrative fine
  • An obligation to promptly implement the Data Processing Register
  • A temporary or permanent ban on collecting personal data
  • A publication of sanctions

Sources: CNIL website / Government website