Be called back
Demonstration
To process your request, we need to process your personal data. Find out more about the processing of your personal data here.
Interview with Raphaël Buchard by Onechocolate on GDPR compliance GDPR Respect for clients employees
In May, it will be four years since the GDPR (General Data Protection Regulation) came into force in the European Union. This is the most recent regulatory development since the 1995 European Directive on the protection of personal data. Since 2018, the stakes and the regulatory framework have changed profoundly. While 90% of companies are still not compliant, awareness has been growing for several months now. To accompany this shift in attitudes and concerns, new players specializing in compliance and data protection are emerging, with innovative methods and tools that are poised to truly change the game. Among them is start-up Dipeeo, whose co-founder and CEO, Raphaël Buchard, we interviewed.
What services does Dipeeo offer and how are you disruptive on the GDPR compliance market?
As a general rule, GDPR compliance is a complex, time-consuming and expensive process for companies, and the existing support offering is aimed primarily at those with sufficient money and resources to take it on. Unlike other compliance specialists, Dipeeo provides fully outsourced, paperless data protection delegation. The observation I made when working on GDPR compliance projects at a law firm was that, contrary to entrenched beliefs in the industry, all the steps prior to a company becoming compliant - such as conducting an audit and mapping and drafting documents - were fully automatable and a considerable amount of time could be saved on this work. Today, thanks to our automation model and the development of our automatic generators, we can carry out a complete mapping of the company in less than two hours, thanks to a simple questionnaire on elements with legal implications - a task that previously took several weeks or even months, as well as significant human resources.
What is the main challenge facing companies with regard to the GDPR
Data protection is becoming a major social issue! Generally speaking, the GDPR to be intimidating, as the regulation was designed as a veritable bureaucratic nightmare that, in addition to being costly and time-consuming, doesn’t really create any value. But over the past few months, we’ve seen a shift in attitudes toward the issue, mainly because users are increasingly turning to services that respect their personal data. Faced with a surge in risks, companies are gradually realizing that compliance can become a source of value.
In concrete terms, what are the risks incurred by companies with the GDPR ?
The most talked about penalty is, of course, the financial penalty, which can be up to 4% of the company's annual turnover; but the likelihood of reaching this point remains low for the time being. Before that, companies receive a formal notice requiring them to comply within 30 days; they are then caught up in a lengthy litigation process, which can have serious consequences, including the loss of clients damage to their brand image, especially in the context of users' awareness of data protection. A large part of the risks also concern the field of human resources, with complaints filed with the CNIL (National Commission for Information Technology and Civil Liberties) employees against their companies; currently, this represents 20% of the complaints recorded by the CNIL (National Commission for Information Technology and Civil Liberties) Finally, the B2C sector is particularly exposed to the risk associated with commercial prospecting, which includes many specific features to protect consumers in general.
In short, respecting the GDPR also means respecting your clients and employees.
In your opinion, GDPR the GDPR likely to evolve in the future, and if so, in what ways?
As a "federal law" dating from 2018 and succeeding a 1995 directive, the GDPR will not be required to change fundamentally within the next fifteen years. Instead, it will be supplemented by new laws, as was the case with ePrivacy in February 2021, and as will be the case in 2022, with the DSA (Digital Services Act) and the DMA (Digital Markets Act) to regulate the common digital space. Generally speaking, I think data protection will explode in terms of legislation outside Europe, as other countries get on board, taking their cue from the GDPR : China has passed a similar law, Canada is preparing its own, and the US is strongly considering it.
Furthermore, GDPR compliance GDPR inevitably gain momentum, as evidenced by the growth in our revenue and the number of new contracts we’ve signed in recent months. Eventually, the role of the DPO (Data Protection Officer) will diminish, and companies will rely exclusively on external firms specializing in compliance, such as ours.
What is the impact of the GDPR on press relations agencies in their regular contacts with the press?
The GDPR these practices but does not prohibit them. To understand the regulation’s impact on your business, you need to assess several factors. For example, whether the contact information you use to reach out to journalists comes from a database you created internally or one you lease from an external service provider. In the latter case, you must ensure that the service provider is itself compliant with the GDPR. Another factor concerns the practice of business prospecting: if this is conducted in a B2B context, the individual’s prior consent is not required, unlike in B2C prospecting. The key point in B2B sales prospecting is to allow the Data recipient email to unsubscribe, while informing them of how you obtained their contact information and what the PR agency is doing, in terms of compliance, to protect their data.
