RGPD compliance can be a real headache. That’s why it may be wise to call on an RGPD lawyer… but beware of charlatans! Through our interview with Sylvain Staub, a data and IT lawyer for 20 years, find out what an RGPD lawyer is for, and how to find the right one.
The RGPD (General Data Protection Regulation, GDPR) has been in force in the European Union since 25 May 2018. This legal text obliges all companies that process personal data to comply with a number of rules.
If they do not comply with these rules, companies may be liable to a fine. The fine can be up to 25 million euros or 4% of their turnover. Thus, following collective complaints filed with the CNIL by the associations La Quadrature du Net and None of your Business in May 2018, Google has just been fined a hefty 50 million euros.
It is therefore essential to comply with the RGPD. However, this process can be very complex. In fact, it is often preferable to call upon external specialists: RGPD lawyers.
To learn more about the role of these specialists, we met with Sylvain Staub of Staub and Associates. A lawyer in data and IT law for 20 years, he was offering services to comply with the French Data Protection Act long before the RGPD came into force.
What is the role of an RGPD lawyer?
According to Sylvain Staub, the role of an RGPD lawyer is to assist the company in complying with the RGPD. The lawyer fulfills this objective in particular “by analysing the way in which the company collects and processes data, by helping it to set up its register, to define its responsibilities, to review and draft its constraints with its customers and partners and, more generally, to avoid incurring its liability”.
Indeed, the RGPD imposes many requirements on organizations. To begin complying with these regulations, Sylvain Staub believes that several steps should be followed.
As a first step, the company must “map the processing of personal data whether it is done internally or externally”. It must also “ask itself in what capacity it carries out this processing”. Depending on whether it is controller, joint controller or processor, the company’s obligations do indeed change considerably.
It is therefore a burning issue. According to Sylvain Staub, since most companies have started to comply, the main question they are asking themselves is precisely how to qualify their responsibility for each data processing between these three statuses.
It is then necessary to “establish a register of personal data covering all processing operations”. Finally, the company must “verify that all organizational aspects of security are respected, and that it will be able to justify at all times the manner in which the data is processed and secured”.
Data Legal Drive: a digital solution for RGPD compliance
The role of the RGPD lawyer is therefore to accompany the company throughout the compliance process. However, in the eyes of Sylvain Staub, the role does not end there. He believes that companies that use an RGPD lawyer also need a digital solution to gather the different pieces of information. These are scattered throughout the different departments of the organization. Thus, it is necessary to be able to share and update them in real time.
However, “traditional” platforms such as Excel do not offer these possibilities. They are suited neither to the development of a collaborative register nor to the consideration of other RGPD issues such as security holes or website management.
This is why Sylvain Staub is also developing a LegalTech solution called Data Legal Drive. This solution is designed to help companies think about all aspects of corporate compliance, then to gather all the information and documents needed to prove that the company is compliant, and to accompany the compliance process from A to Z.
It is a collaborative platform in SaaS mode, accessible to all members of the company who process personal data. Intuitive, “it allows to make a diagnosis of conformity, to map the processing, to manage the requests made by the persons concerned (customers, Internet users, partners…), to manage the problems of security breaches and to consolidate clauses and contracts in a manner consistent with the RGPD”.
RGPD lawyer: how to find the right one and avoid charlatans?
As you can see, an RGPD lawyer can be of great assistance in the compliance process. Unfortunately, the urgency and imperative nature of this compliance is perceived by many charlatans as an opportunity.
Some offer poor quality services that do not guarantee compliance. Others go even further. They misappropriate the company’s personal data file and then sell it to cybercriminals. The danger is therefore very real.
It is therefore essential to avoid scams when choosing an RGPD lawyer. In order to do so, the CNIL recommends taking the time to carefully identify the organizations that offer their services to ensure their legitimacy.
The CNIL’s second piece of advice is to call on experienced professionals such as lawyers or external service companies made up of lawyers and IT services qualified in personal data protection. Sylvain Staub shares this view. He recommends turning to a lawyer who has been fully conversant with personal data law for many years.
In addition, the specialist strongly recommends choosing an RGPD lawyer who is able to accompany the client not only with his or her expertise and experience, but also with a digital tool like Data Legal Drive. In addition to making compliance simpler and faster, such tools are generally an additional guarantee of quality and professionalism.
You now have all the keys in hand to choose the right RGPD lawyer, who will accompany you in your compliance. You should know that you can also call on our assistance by clicking on the button below.