Who are we?

The DPO Consulting Group

DPO Consulting

Personal data protection is nowadays at the heart of profound debates in society. This unavoidable facet of privacy protection is subject to specific regulations stemming from the French Data Protection Act of 6 January 1978.

On April 27, 2016, a new European regulation was introduced. This has profoundly changed the way we understand data protection, in particular by requiring companies to establish a real governance of the legal compliance of personal data processing. GDPR has given personal data the protection it needs.

DPO Consulting is a consulting firm specializing in personal data protection. Created in 2015 by Marine Brogli, President of the Group, its purpose is to assist organizations of all sizes and sectors in their GDPR compliance.

We want to actively participate in the creation of the information assets of companies by democratizing and making it easier for companies to access and manage their data.

This vision translates into a turnkey service that allows our customers to have a complete knowledge of the data they process. We support all our clients in their strategic choices, both from an organizational and technical point of view, to protect the personal data they process.

It is a digital revolution that is taking place while respecting the fundamental rights of individuals, but also an awareness of the societal impact that personal data management represents today and in the years to come.

Consulting, support, training, outsourcing the DPO role… DPO Consulting meets all your data protection needs, in an adapted manner. Throughout the life cycle of your data processing, the DPO Consulting teams support you in order to make your compliance in terms of personal data protection a real competitive advantage.

Pragmatic, responsive and operational, our teams know how to quickly integrate into the most complex environments. We are committed to a collaborative approach that eases the burden and facilitates the transfer of skills. This state of mind favors the appropriation of the proposed solutions by your teams and the sharing within your company of a true culture of compliance.

Every day we strive to defend the values we hold dear: respect, transparency, ethics, excellence, fulfillment in work, trust and customer service.

Our solutions
to your needs

  • Consulting
  • GDPR & Cybersecurity Website Certification
  • Outsourced DPO
    Shared DPO
    International DPO
  • EU Representative
  • UK Representative
  • GDPR software
  • DPO assistance
  • DPO coaching
  • Training

asked questions

The acronym “RGPDstands for “General Data Protection Regulation” (GDPR). GDPR regulates the processing of personal data of citizens of the European Union and companies located in this same territory.

The legal context is being adapted to keep up with changes in technology and in our society (increased use of digital technology, development of online commerce, etc.).

This European regulation is a continuation of the French Data Protection Act of 1978 and strengthens citizens’ control over the use that can be made of their data.

It standardizes the rules in Europe by offering a unique legal framework to professionals. It allows them to develop their digital activities within the EU based on the trust of users.

GDPR is a regulation, which means that, unlike a European directive, it is directly applicable and does not require transposition. As such, GDPR applies directly to all entities located in the European Union, and goes even further because it protects the personal data of all citizens of the European Union, regardless of the country of location of the entity that processes them.

Whether you are a data controller or a data processor, you risk strong penalties if you fail to comply with GDPR, particularly if you fail to obtain consent from individuals or violate the principles of personal data management.

Your risk:


  • a fine of €20 million, or
  • 4% of your company’s worldwide annual turnover
  • whichever is greater.

    • Strengthen the trust of your internal and external partners
    • Improve your sales efficiency
    • Manage your business better
    • Improve the security of their company’s data
    • Reassure their clients
    • Develop their business by creating new services

    Any organization is likely to be affected by GDPR. Indeed, the scope of the regulation does not distinguish according to size, activity, legal form or country of establishment.

    As such, GDPR applies to any organization, public or private, that processes personal data on its own behalf or not, as long as:


  • it is established on the territory of the European Union, or
  • its activity directly targets European residents.
  • GDPR also affects processors who process personal data on behalf of other organizations.

    A Data Protection Officer (DPO) is a person responsible for ensuring the protection of personal data processed by a company. As such, they are responsible for ensuring that all personal data under the organization’s control is used appropriately and in accordance with applicable regulations.

    The DPO must be familiar with all data security laws and practices. They must have technical and legal expertise in the area of personal data protection. The CNIL also recommends that they have a good knowledge of the business sector, of the internal organization, in particular of all processing operations, of the information systems and of the technical and organizational security measures.

    Any company, regardless of type or size, that handles personal data of EU residents or is located in the EU must have a person in its organization who is responsible for ensuring GDPR compliance. This person is even designated with the Supervisory Authority. A Data Protection Officer’s main tasks are to:


  • Develop and implement the organization’s data protection and privacy policy.
  • Train and advise staff on the regulatory provisions on data protection.
  • Identify and monitor the use of personal data, ensuring that data protection principles are respected.
  • Process and respond to all requests for information, correction or deletion from data subjects to ensure that their data is properly protected.
  • GDPR gives the DPO a key role in the company, and the power to report to the highest level of the company’s hierarchy.

    The role of the Data Protection Officer has been officially defined by the European Union under GDPR. Under this regulation and unlike the CIL, the appointment of a DPO is now mandatory in the following cases:

    • If you are a public body or a public authority
    • If your main activity requires processing data to allow regular and systematic monitoring on a large scale of data subjects
    • If your main activity requires processing sensitive data (such as data relating to health, criminal offenses, philosophical, religious or political opinions, racial or ethnic origin) on a large scale

    Compliance audit

    • GDPR compliance audit
    • Website audit
    • GDPR & Cybersecurity website certification

    Compliance and tools

    • GDPR project management and deployment
    • Compliance tool: our GDPR software
    • Compliance documents

    Assistance and expertise

    • DPO assistance
    • PIA offering
    • Advice and support

    Outsourced DPO and representation

    • External DPO
    • Shared DPO
    • International DPO
    • EU Representative
    • UK Representative

    Training and coaching

    • Training
    • Coaching

    Do you have any questions?
    Our team is at your disposal

    You may be interested in


    Our publications

    Keep up to date with the latest legal trends and GDPR news.


    Our webinars

    Find all our webinars on our channel, to be discovered in replay.
    We look forward to our live chat!


    Our events

    Stay informed of our upcoming events. It will be an opportunity to meet and discuss together.