Who are we?

DPO Consulting Group

DPO Consulting

Today, protection of personal data is at the heart of intense social debates. This unavoidable aspect of privacy protection is subject to specific regulations based on the Data Protection Act of 6 January 1978.

On 27 April 2016, a new European regulation was introduced. This regulation has profoundly transformed the way we deal with data protection, particularly by requiring companies to establish a genuine governance policy regarding legal compliance of personal data processing. The GDPR has given personal data the protection it needed.

DPO Consulting is a consulting firm specialised in personal data protection. Founded in 2015 by Marine Brogli, current President, DPO Consulting’s purpose is to assist organisations of all sizes and sectors in bringing their processing operations into compliance with the regulation.

Our will is to be active  in the creation of the firms’ information assets by democratising and making it easy for companies to access and manage their data.

This vision reflects into a turnkey service that gives our clients complete knowledge of the data they process. We then become a reliable and solid structure for all our clients by accompanying them in their strategic choices, both from an organisational and technical point of view, to protect their data.

We are experiencing  a digital revolution taking place with due respect to the fundamental rights of individuals, but also an awareness of the societal impact that personal data management represents today an in the years to come.

Advice, support, training, outsourcing of the DPO function… DPO Consulting responds to all your data protection needs, in a way adapted to your structure. Throughout the life cycle of your data processing, the DPO Consulting teams support you in order to make your data protection compliance a real competitive advantage.

Pragmatic, responsive and operational, our teams know how to integrate quickly into the most complex environments. We are committed to a collaborative approach that eases the burden and facilitates the transfer of skills. This method encourages your teams to adopt the proposed solutions and to share a genuine culture of compliance within your company.

Your needs,
our solutions

  • EU representative
  • UK representative
  • International DPO
  • Outsourced DPO
  • GDPR compliance software

asked questions

The acronym GDPR stands for “General Data Protection Regulation” (GDPR). The GDPR regulates the processing of EU citizens’ personal data and companies situated within the EU. 

The legal context is being adapted to keep pace with social and technologic changes (increased use of digital technology, development of e-commerce, etc.).

This new European regulation has been inspired by the French Data Protection Act of 1978 and strengthens citizens’ control of the use that can be made of their data.

It harmonises the rules applicable in Europe by providing a single legal framework for professionals. It allows them to develop their digital activities within the EU based on user trust.

GDPR is a European regulation, which means that, unlike a European directive, it applies with no need of a transposition. Therefore, GDPR applies directly to all entities established in the European Union. The text goes even further because it protects the personal data of all citizens of the European Union, regardless of the country where the entity that processes this data is established.

Whether you are a data controller or a data processor, your risk in case of non-compliance with GDPR is strong sanctions, in particular in case of lack of consent from individuals or violation of the principles of personal data management.

Your risk is the following:

  • A fine of €20 million, or
  • 4% of your company’s annual consolidated turnover

depending on what amount is the highest.


  • Increasing your internal and external business partners’ trust
  • Improve your commercial effectiveness
  • Managing your business better
  • Improve the security of your information assets 
  • Reassure your customers
  • Develop your business by creating new offers

Any organisation is likely to be affected by GDPR. Indeed, its wide scope does not make any distinction based on the size, the activity, the legal form or the country of establishment.

Therefore, GDP applies to any organisation, public or private, which processes personal data on its own behalf or on behalf of another party, as long as:

  • it is established within the European Union, or
  • its activity directly targets European Union residents.

A Data Protection Officer (DPO) is a person responsible for ensuring the protection of personal data processed by a company. As such, he or she must ensure that all personal data processed by the organisation is used in accordance with the applicable regulations.

The DPO must be familiar with all data security laws and practices. He or she must have technical and legal expertise in the field of personal data protection. The CNIL (French Supervisory Authority) also recommends that the DPO should have a good knowledge of the business sector, the internal organisation, in particular of all processing operations, information systems and security measures, both technical and organisational.

Any company, regardless of its type or size, which processes the personal data of EU residents or which is established within the EU must appoint a person in its organisation who is responsible for monitoring compliance with GDPR. This person is even designated to the Supervisory Authority. The main tasks of a Data Protection Officer are to:

  • Develop and implement the organisation’s data protection and privacy policy
  • Train and advise staff on the provisions of the Data Protection Act
  • Identify and monitor the use of personal data, ensuring that data protection principles are respected
  • Handle and respond to all requests for information, correction or deletion from data subjects to ensure that their data is properly protected

GDPR gives the DPO a key role in the company and the power to report to the highest level of the company’s hierarchy.

The role of the Data Protection Officer has been formally defined by the European Union under the GDPR. The appointment of a DPO is mandatory in the following cases:

  • If you are a public body or public authority
  • If your main activity requires to process data to enable regular and systematic large-scale monitoring of data subjects
  • If your main activity requires to process sensitive data (such as data related to health, offences, philosophical, religious or political opinions, racial or ethnic origin) on a large scale


EU representative

International DPO

Outsourced DPO

GDP compliance softwar

You may find it interesting