Advice & Accompaniment

DPO Consulting teams work with you to make your personal data protection compliance a real competitive advantage.

« Beyond legal expertise, the DPO Consulting team is able to understand the strategic and operational challenges of its clients. We offer our clients pragmatic solutions, adapted to their context and environment. In the quest for continuous improvement, we are constantly seeking to optimize our methodology for ever greater quality and satisfaction. If I had to sum up the team in one sentence: Professionals who combine rigour and dynamism, who willingly share their knowledge and experience, all in an authentic good mood! »

Marine Brogli, President of DPO Consulting

DPO Consulting is a consulting company specialized in personal data protection whose purpose is to assist companies of all sizes in bringing their data processing into compliance with regulations.

From the detection of non-conformities to Business As Usual (BAU) support, DPO Consulting’s teams support you in making your personal data protection compliance a real competitive advantage.

Practical, responsive and operational, our teams know how to integrate quickly into the most complex environments. We use a collaborative approach that reduces costs and facilitates the transfer of skills. This mindset encourages your teams to take ownership of the solutions implemented and to share a true culture of compliance within your company.

Our approach

Step 1

Assess your level of compliance

Identify and analyze gaps

Map processing operations

Analyze processing

Establish the action plan for compliance

Step 2

Bring teams together around a program

Determine Roles and Responsibilities (RACI)

Evaluate the man-days and costs of the program

Validate the budget with top management

Build your project team

Step 3

Achieve compliance

Appoint a DPO

Implement the action plan

Modify processes

Step 4

Maintain compliance over time

Ensure the transition from the project phase to the run mode

Audit regularly

Document and validate new projects

Training and Awareness

GDPR and compliance

What impact?

The new Regulation was created to improve the protection of personal data and privacy of EU residents, while simplifying administrative procedures for international companies. Compliance with the GDPR and compliance with the various legal frameworks must be a priority for any company that uses or collects personal information from/about EU residents.

To comply with the GDPR, a company must map all data processing operations under its responsibility. Regardless of the technology used, all personal data stored and used by the organization must be searched and audited. Transparent access to all data sources allows for better assessment and management of risks to both confidentiality and data integrity. In addition, companies are obliged to trace the origin and use of all personal data of their customers.

The DPO must therefore audit all data to identify the personal information that each database or application contains. Personal data may be present in structured or unstructured databases. The controller, or the DPO if the controller entrusts this task to them, must therefore analyse these fields to extract, classify and catalogue personal data elements such as names, e-mail addresses or social security numbers. Depending on the volumes of data available, this process can hardly be carried out manually. In addition to the analysis and categorization of personal data by risk level, it will also be necessary to analyse the relevance of the data, their quality and their retention period.

For compliance with the GDPR, confidentiality rules must be documented (including access rights to the systems) and shared within the organization. This is the best way to ensure that personal data is only accessible to those with appropriate rights.

Once the personal data inventory and management model have been established, the appropriate level of data protection must be defined based on the risk associated with each type of data. For GDPR compliance, at least three techniques to enhance data protection can be used: encryption, pseudonymization and anonymization. It is necessary to apply the appropriate technique according to the user’s rights and the context of use, without compromising the growing needs for analysis, forecasting, portability, query and reporting.

The last step in complying with the GDPR is to implement a quantified action plan that distributes the various actions across all departments: all departments (Human Resources, Sales, Legal, Marketing, etc.) are concerned by the GDPR and will have to take part in deploying the action plan.

Personalized support by our experts in the management of personal data.

Recommendations tailored to your size and your challenges.

Need information?