GDPR respecting yourclients employees

Interview with Raphaël Buchard by Onechocolate on GDPR compliance GDPR Respect for clients employees

In May, it will be four years since the GDPR (General Data Protection Regulation) came into force in the European Union. This is the most recent regulatory development since the 1995 European Directive on the protection of personal data. Since 2018, the stakes and the regulatory framework have changed profoundly. While 90% of companies are still not compliant, awareness has been growing for several months now. To accompany this shift in attitudes and concerns, new players specializing in compliance and data protection are emerging, with innovative methods and tools that are poised to truly change the game. Among them is start-up Dipeeo, whose co-founder and CEO, Raphaël Buchard, we interviewed.

What services does Dipeeo offer and how are you disruptive on the GDPR compliance market?

As a general rule, GDPR compliance is a complex, time-consuming and expensive process for companies, and the existing support offering is aimed primarily at those with sufficient money and resources to take it on. Unlike other compliance specialists, Dipeeo provides fully outsourced, paperless data protection delegation. The observation I made when working on GDPR compliance projects at a law firm was that, contrary to entrenched beliefs in the industry, all the steps prior to a company becoming compliant - such as conducting an audit and mapping and drafting documents - were fully automatable and a considerable amount of time could be saved on this work. Today, thanks to our automation model and the development of our automatic generators, we can carry out a complete mapping of the company in less than two hours, thanks to a simple questionnaire on elements with legal implications - a task that previously took several weeks or even months, as well as significant human resources.

What is the main challenge facing companies with regard to the GDPR

Data protection is becoming a real social issue! In general, the GDPR tends to scare people, because the regulation was designed as a real gas factory that, in addition to costing money and taking energy, doesn't create value as such. But in recent months, we've seen a shift in attitudes on the subject, mainly because users are increasingly turning to services that respect their personal data. Faced with the explosion of risks, companies are gradually realizing that compliance can become a source of value.

In concrete terms, what are the risks incurred by companies with the GDPR ?

The most talked about penalty is, of course, the financial penalty, which can be up to 4% of the company's annual turnover; but the likelihood of reaching this point remains low for the time being. Before that, companies receive a formal notice requiring them to comply within 30 days; they are then caught up in a lengthy litigation process, which can have serious consequences, including the loss of clients damage to their brand image, especially in the context of users' awareness of data protection. A large part of the risks also concern the field of human resources, with complaints filed with the CNIL (National Commission for Information Technology and Civil Liberties) employees against their companies; currently, this represents 20% of the complaints recorded by the CNIL (National Commission for Information Technology and Civil Liberties) Finally, the B2C sector is particularly exposed to the risk associated with commercial prospecting, which includes many specific features to protect consumers in general.

In short, respecting the GDPR also means respecting your clients and employees.

In your opinion, GDPR the GDPR likely to evolve in the future, and if so, in what ways?

As a "federal law" dating from 2018 and succeeding a 1995 directive, the GDPR will not be required to change fundamentally within the next fifteen years. Instead, it will be supplemented by new laws, as was the case with ePrivacy in February 2021, and as will be the case in 2022, with the DSA (Digital Services Act) and the DMA (Digital Markets Act) to regulate the common digital space. Generally speaking, I think data protection will explode in terms of legislation outside Europe, as other countries get on board, taking their cue from the GDPR : China has passed a similar law, Canada is preparing its own, and the US is strongly considering it.

What's more, GDPR compliance will inevitably ramp up, as evidenced by the rate of growth in our sales and the signing of new contracts in recent months. Eventually, the role of DPOs (data protection officers) will be set to weaken, and companies will rely exclusively on outsourced companies specializing in compliance like ours.

What is the impact of the GDPR on press relations agencies in their regular contacts with the press?

The GDPR frames practices but does not prohibit them. To understand the impact of the regulation on your business, you need to assess several parameters. For example, whether the contact details you use to contact journalists come from a database you've created in-house or that you hire from an outside service provider. In the latter case, you need to ensure that the service provider is itself GDPR. Another parameter concerns the practice of commercial prospecting: if this is carried out in a B2B model, the person's prior consent is not required, unlike B2C prospecting. The key, in B2B commercial prospecting, is to allow the Data recipient of an e-mail to unsubscribe, while informing them of how you obtained their contact details and what the PR agency implements, in terms of compliance, to protect their data.