The DPO Consulting Group
Personal data protection is nowadays at the heart of profound debates in society. This unavoidable facet of privacy protection is subject to specific regulations stemming from the French Data Protection Act of 6 January 1978.
On April 27, 2016, a new European regulation was introduced. This has profoundly changed the way we understand data protection, in particular by requiring companies to establish a real governance of the legal compliance of personal data processing. GDPR has given personal data the protection it needs.
DPO Consulting is a consulting firm specializing in personal data protection. Created in 2015 by Marine Brogli, President of the Group, its purpose is to assist organizations of all sizes and sectors in their GDPR compliance.
We want to actively participate in the creation of the information assets of companies by democratizing and making it easier for companies to access and manage their data.
This vision translates into a turnkey service that allows our customers to have a complete knowledge of the data they process. We support all our clients in their strategic choices, both from an organizational and technical point of view, to protect the personal data they process.
It is a digital revolution that is taking place while respecting the fundamental rights of individuals, but also an awareness of the societal impact that personal data management represents today and in the years to come.
Consulting, support, training, outsourcing the DPO role… DPO Consulting meets all your data protection needs, in an adapted manner. Throughout the life cycle of your data processing, the DPO Consulting teams support you in order to make your compliance in terms of personal data protection a real competitive advantage.
Pragmatic, responsive and operational, our teams know how to quickly integrate into the most complex environments. We are committed to a collaborative approach that eases the burden and facilitates the transfer of skills. This state of mind favors the appropriation of the proposed solutions by your teams and the sharing within your company of a true culture of compliance.
Every day we strive to defend the values we hold dear: respect, transparency, ethics, excellence, fulfillment in work, trust and customer service.
The acronym “RGPD” stands for “General Data Protection Regulation” (GDPR). GDPR regulates the processing of personal data of citizens of the European Union and companies located in this same territory.
The legal context is being adapted to keep up with changes in technology and in our society (increased use of digital technology, development of online commerce, etc.).
This European regulation is a continuation of the French Data Protection Act of 1978 and strengthens citizens’ control over the use that can be made of their data.
It standardizes the rules in Europe by offering a unique legal framework to professionals. It allows them to develop their digital activities within the EU based on the trust of users.
GDPR is a regulation, which means that, unlike a European directive, it is directly applicable and does not require transposition. As such, GDPR applies directly to all entities located in the European Union, and goes even further because it protects the personal data of all citizens of the European Union, regardless of the country of location of the entity that processes them.
Whether you are a data controller or a data processor, you risk strong penalties if you fail to comply with GDPR, particularly if you fail to obtain consent from individuals or violate the principles of personal data management.
Your risk:
whichever is greater.
Any organization is likely to be affected by GDPR. Indeed, the scope of the regulation does not distinguish according to size, activity, legal form or country of establishment.
As such, GDPR applies to any organization, public or private, that processes personal data on its own behalf or not, as long as:
GDPR also affects processors who process personal data on behalf of other organizations.
A Data Protection Officer (DPO) is a person responsible for ensuring the protection of personal data processed by a company. As such, they are responsible for ensuring that all personal data under the organization’s control is used appropriately and in accordance with applicable regulations.
The DPO must be familiar with all data security laws and practices. They must have technical and legal expertise in the area of personal data protection. The CNIL also recommends that they have a good knowledge of the business sector, of the internal organization, in particular of all processing operations, of the information systems and of the technical and organizational security measures.
Any company, regardless of type or size, that handles personal data of EU residents or is located in the EU must have a person in its organization who is responsible for ensuring GDPR compliance. This person is even designated with the Supervisory Authority. A Data Protection Officer’s main tasks are to:
GDPR gives the DPO a key role in the company, and the power to report to the highest level of the company’s hierarchy.
The role of the Data Protection Officer has been officially defined by the European Union under GDPR. Under this regulation and unlike the CIL, the appointment of a DPO is now mandatory in the following cases:
Compliance audit
Compliance and tools
Assistance and expertise
Outsourced DPO and representation
Training and coaching