GDPR: a new paradigm
In comparison to previous European data privacy legislation, the GDPR (General Data Protection Regulation) can be considered as a new paradigm:
DPO (internal or external)
The appointment of a DPO (Data Protection Officer) is mandatory for public companies. It is also compulsory for private companies that process sensitive data or profile individuals on a large scale.
Organisations outside the European Union (whose head offices or servers are located outside the European Union) are also concerned by the GDPR when they target European citizens (especially on the web).
Right to be forgotten/Right to erasure
The right to be forgotten and the right to erasure allow individuals to have their digital footprints altered in order for them to take control of their digital life.
Data protection by design and by default
Data protection by design and by default introduces the concepts of data protection during the design of a product or service, without requiring any additional action from the person concerned (DP by default).
PIA (Privacy Impact Assessment)
The PIA (Privacy Impact Assessment) is produced in a number of cases, notably when the processing of personal data entails a risk for individuals.
Data breaches need to be reported to data protection authorities (the CNIL in France, the ICO in the United Kingdom) by the controller within 72 hours, at the most. In the event of high risk, the controller must inform those concerned individually.
This notion ensures data portability between different service providers (for example, in social media, service providers specialising in supplying and managing email addresses).
It is necessary to ensure that the appropriate technical and organisational measures (TOMs) have been implemented in order to protect and secure personal data.
In case of non-compliance with the GDPR, fines can reach 4% of a company’s international financial turnover, or 20 million euros.
Data minimisation ensures that as little data is collected as possible. Therefore, collected data has to be relevant and limited to what is necessary for it to serve its purpose.
Fields of expertise
Our experience with GDPR compliance projects covers a diversity of fields of activity, such as digital marketing, telecommunication, assistance in the social field, IT technical support, energy, transportation, heavy industry and geophysics. Thanks to our fields of expertise, which are technical, technological and operational, in addition to the legal framework, Data Privacy Professionals offers GDPR services tailored to your company’s needs.
Data Privacy Professionals provides complete assistance services to VSBs, SMBs and MSBs in their compliance with the GDPR and all other data privacy legislation.
Depending on your organisation’s needs, we can offer a range of services:
• consultation and assistance (on site or remotely)
• data protection officer (DPO), external or externalised by the company
• training courses (on site or remotely)
• all-in-one packages
Data Privacy Professionals’ services stand as the architect of your personal data. The auditing phase, training courses, consulting, GDPR compliance and DPO (data protection officer) are all included in our services.
Consulting services and GDPR compliance
Our consulting and GDPR compliance services are available on your company’s premises or remotely.
These services put into operation a data privacy programme which defines, prioritises and implements the actions necessary to achieve compliance, as well as accountability, since they also demonstrate the steps taken by your company.
These services are available in a range of three tiers to best fulfil your needs:
• the GDPR compliance Business tier is available from 1 day of services.
• the GDPR compliance Platinum tier is available after 5 days of services.
• the GDPR compliance Titanium tier is available after 10 days of services.
GDPR compliance pack
Packs are intended for VSBs and SMBs that have the personnel and time available to undertake their own GDPR compliance. To achieve this goal, the company uses and/or adapts the different deliverables included in the provided packs.
Intended for VSBs and freelancers
Intended for SMBs
GDPR and cybersecurity training courses for your company
The GDPR training course curriculum can be separated into three units:
Awareness training course
The GDPR awareness training course is intended for the general public.
Training courses for employees
GDPR: putting theory into practice for VSBs, SMBs, and MSBs. This training course is intended for your employees, associates, and subcontractors so that they can grasp baseline principles, GDPR challenges, and implement good practices.
Cybersecurity: raising awareness about the security of products, services and processes regarding new information and communication technologies, good digital practices and digital skills for VSBs, SMBs and MSBs. This training course is intended for your employees and/or associates so that they grasp cybersecurity core principles and implement routine actions for good digital practices.
DPO training course
(Data Protection Officer)
This training course is intended for the employee who will become your company’s internal or external DPO.
A tailored GDPR training
Data Privacy Professionals tailors GDPR training courses according to the size of your organisation (start-up, SMB, MSB) and to your field of activity, such as:
Assistance in the social field
Assist and monitor struggling individuals: asylum seekers, assistance for a company’s employees.
Analytics (cookies, fingerprinting, Google Analytics, Piwik/Matomo), profiling, targeted advertising campaigns, loyalty programmes.
Data regarding health are a particular kind of personal data since they are considered as sensitive data.
Platforms creating connections in the transportation area, housing area, renting between private individuals (C2C).
Big Data, artificial intelligence, industry 4.0, internet of things (IoT).
Data protection is at the centre of the digital transition of procedures, tools and professions.
Business models evolve from the notion of products to services.
A local and international company
Data Privacy Professionals provides its services across France and especially in Île-de-France (Parisian region) and the Grand-Est region:
• in Alsace (Bas-Rhin / Haut-Rhin): Strasbourg, Mulhouse, Colmar.
• in Lorraine (Moselle, Meurthe-et-Moselle, Meuse, Vosges): Nancy, Metz, Thionville, Épinal, Saint-Dié, Bar-le-Duc, Forbach, Sarreguemines.
• in Champagne-Ardenne: Reims, Troyes, Charleville-Mézières.
We also operate abroad (in French, English and German):
• Germany:
  • Baden-Württemberg: Karlsruhe, Stuttgart, Freiburg, Offenburg
  • Saarland (Saarbrücken)
• Switzerland: Basel
• United Kingdom: London