GDPR consulting

GDPR: a new paradigm

In comparison to previous European data privacy legislation, the GDPR (General Data Protection Regulation) can be considered as a new paradigm:

DPO (internal or external)

The appointment of a DPO (Data Protection Officer) is mandatory for public companies. It is also compulsory for private companies that process sensitive data or profile individuals on a large-scale.


Organisations outside the European Union (whose head offices or servers are located outside the European Union) are also concerned by the GDPR when they target European citizens (especially on the web).

Right to be forgotten/Right to erasure

The right to be forgotten and the right to erasure allow individuals to have their digital footprints altered in order for them to take control of their digital life.

Data protection by design and by default

Data protection by design and by default introduces the concepts of data protection during the design of a product or service, without requiring any additional action from the person concerned (DP by default).


The principle of accountability requires the data controller to demonstrate and prove that everything has been implemented according to the instructions outlined in the company’s privacy policy.

PIA (Privacy Impact Assessment)

The PIA (Privacy Impact Assessment) is produced in a number of cases, notably when the processing of personal data entails a risk for individuals.

Data breach

Data breaches need to be reported to data protection authorities (the CNIL in France, the ICO in the United Kingdom) by the controller within 72 hours, at the most. In the event of high risk, the controller must inform those concerned individually.

Data portability

This notion ensures data portability between different service providers (for example, in social media, service providers specialising in supplying and managing email addresses).

Security measures

It is necessary to ensure that the appropriate technical and organisational measures (TOMs) have been implemented in order to protect and secure personal data.


In case of non-compliance with the GDPR, fines can reach 4% of a company’s international financial turnover, or 20 million euros.

Data minimisation

Data minimisation ensures that as little data is collected as possible. Therefore, collected data has to be relevant and limited to what is necessary for it to serve its purpose.

Fields of expertise

Our experience in regards to GDPR compliance projects covers a diversity of fields of activities, such as digital marketing, telecommunication, assistance in the social field, IT technical support, energy, transportation, heavy industry and geophysics. Thanks to our fields of expertise, which are technical, technological and operational, in addition to the legal framework; Data Privacy Professionals offers GDPR services tailored to your company’s needs.

GDPR services

Data Privacy Professionals provides complete assistance services to VSBs, SMBs and MSBs in their GDPR compliance and all other data privacy legislations.

Depending on your organisation’s needs, we can offer a range of services:
consultation and assistance (on site or remotely)
data protection officer, (DPO) external or externalised by the company
training courses (on site or remotely)
all-in-one packages

Data Privacy Professionals’ services stand as the architect of your personal data. The auditing phase, training courses, consulting, GDPR compliance and DPO (data protection officer) are all included in our services.

Consulting services and GDPR compliance

Our consulting and GDPR compliance services are available on your company’s premises or remotely.

These services put into operation a data privacy programme which defines, hierarchises and implements the necessary actions to achieve compliance, and accountability since they will also demonstrate the steps taken by your company.

These services are available in a range of three tiers to best fulfil your needs:
• the GDPR compliance Business tier is available from 1 day of services.
• the GDPR compliance Platinum tier is available after 5 days of services.
• the GDPR compliance Titanium tier is available after 10 days of services.

GDPR offers


GDPR compliance pack

Packs are intended for VSBs and SMBs, who have available personnel and time, to undertake their own GDPR compliance. In order to achieve this goal, the company uses and/or adapts the different deliverables included in the provided packs.

Basic Pack

Intended for VSBs and freelancers


Standard Pack

Intended for SMB


GDPR and cybersecurity training courses for your company

GDPR training courses curriculums can be separated into three units:

Awareness training course

The GDPR awareness training course is intended for the general public.

Training courses for employees

GDPR: putting theory into practice for VSBs, SMBs, and MSBs. This training course is intended for your employees, associates, and subcontractors so that they can grasp baseline principles, GDPR challenges, and implement good practices.

Cybersecurity: raising awareness about the security of products, services and processes regarding new information and communication technologies, good digital practises and digital skills for VSB, SMB and MSB. This training course is intended for your employees and/or associates so that they grasp cybersecurity core principles and implement routine actions for good digital practises.

DPO training course
(Data Protection Officer)

This training course is intended for the employee that will become your company’s internal or external DPO.

A tailored GDPR training

Data Privacy Professionals tailors GDPR training courses in accordance to the size of your organisation (start-up, SMB, MSB) and to your field of activities, such as:

Assistance in the social field

Assist and monitor struggling individuals: asylum seekers, assistance for a company’s employees.

Digital marketing

Analytics (cookies, fingerprinting, Google Analytics, Piwik/Matomo), profiling, targeted advertising campaigns, fidelity programs.

Medical field

Data regarding health are a particular kind of personal data since they are considered as sensitive data.

Sharing economy

Platforms creating connections in the transportation area, housing area, renting between private individuals (C2C).


Big Data, artificial intelligence, industry 4.0, internet of things (IoT).

Digital transition

Data protection is at the centre of the digital transition of procedures, tools and professions.

Business models

Business models evolve from the notion of products to services.

A local and international company

Data Privacy Professionals provides its services across France and especially in Île-de-France (Parisian region) and the Grand-Est region:
• in Alsace (Bas-Rhin / Haut-Rhin) : Strasbourg, Mulhouse, Colmar.
• in Lorraine (Moselle, Meurthe et Moselle, Meuse, Vosges) : Nancy, Metz, Thionville, Épinal, Saint-Dié, Bar-le-Duc, Forbach, Sarreguemines.
• in Champagne-Ardenne : Reims, Troyes, Charleville-Mézières.

We also intervene abroad (in French, English and German):
• Germany :
       • Bade-Wurtemberg : Karlsruhe, Stuttgart, Fribourg, Offenbourg
       • Sarre (Sarrebruck)
• Switzerland: Bâle
• Luxemburg
• Belgium
• United-Kingdom: London