DPO Profile: Céline Petit, DPO at Data Need Advice

By Alessandro Fiorentino
Céline Petit, DPO of Data Need Advice

We had the pleasure of interviewing Céline Petit who looked back on her career, her actions and beliefs as an outsourced DPO.

Why use an outsourced DPO for the protection of your data?

Why is GDPR compliance software essential to the DPO profession, and especially for an outsourced DPO?

Outsourced DPO: a job with a future?

2 years after the implementation of the GDPR, we see that there is not only one possible strategy for GDPR compliance. Identifying and adapting what is being done elsewhere can be a good way to continue to comply over time.

Can you look back on your background, and what led you to become an outsourced DPO?

My dual training as a lawyer in public and private law allowed me to reconcile my attraction for public service missions and the general interest on the one hand, and my keen interest in seeking inventive solutions in law, particularly in the field of industrial property and new technologies. This double sensitivity quickly guided me to the public research sector within the valorization subsidiary of the University of Grenoble. I then worked as a lawyer, for the CNRS Institute of Biological Sciences where I was able to get a firsthand look at the personal data used in the context of Research/Health, then in a more immersive way for the Institut Curie where I worked, in addition, on the implementation of a guide to good practices on the use of personal data in associations and charities in preparation for the entry into force of the GDPR.

In 2018, I decided to devote myself full time to the profession of independent DPO by founding Data Need Advice.

Who are your customers and why do they use an outsourced DPO?

Because of my background and my network, my customers come, for the vast majority, from the e-Health sectors, new technologies — in particular Blockchain — and insurance. They use an external service provider because they do not have sufficient internal resources, knowledge or skills. They therefore prefer to use a professional with in-depth regulatory knowledge and good compliance practices. The outsourcing of this function also allows them to meet the requirement of independence of the DPO in its missions, required by the GDPR, and thus reduce the risks of conflicts of interest.

What is your vision of the outsourced DPO profession?

As the Adequacy tree brings together all the subsidiaries of a group in the same place, I see myself as the Data Need Advice DPO of an entity, in charge of several subsidiaries that are my clients. This global tree that houses us all has the same roots, but different branches. I feel like a DPO for the general interest, implementing specific rules and actions according to my customers. With respect for confidentiality of course.

What relationship do you have with your customers?

The most important thing, it seems to me, is to create and maintain a link with the teams in order to have a global vision, create trust and the desire to participate. This is why I set up regular steering committees, feedback questionnaires and thematic workshops to discuss with all my customers. For example, I am currently organizing workshops on DPIAs so that everyone understands the issues, what they are concerned with, what the criteria are that imply the need to do one, etc. The pitfall to avoid would be to seize this subject in my own corner, at the risk that the internal teams will think that I alone decide whether or not to do a DPIA, and that the latter is incomplete and does not reflect reality.

Disseminating and sharing information within the company is essential not only to keep in touch, but more generally to ensure efficient compliance.

Another key to success, in my opinion, also lies in the ability to understand the governance model of each client from the outset of the mission, and to adapt accordingly to delineate the implications and roles of each and to have effective internal relays. Indeed, from one company to another, my contacts differ. In small businesses, I mainly work with the HR/administrative manager and the manager. In larger companies, I will be in contact with the managers of the various departments, such as technical managers, HR managers, marketing/communication managers and, of course, when there is one, CISOs, but also people directly involved in processing activities.

Why did you choose Adequacy and how do you use this software solution?

In particular, writing my analysis reports took me a lot of time. As I am passionate about new technologies, I quickly looked for a way to automate what could be automated and asked various LegalTechs.

Adequacy was the solution I needed. Thanks to its centralized approach, it facilitates the carrying out of audits and management, it facilitates contact with customers thanks to the possibility of opening access to them (possible comments, requests, etc.) and facilitates the creation of processing registers and DPIAs. It also makes it possible to automate processes such as requests to exercise rights and to create your own repositories.

Thanks to the time that Adequacy saves me, I can focus on my role of advising my clients and offer them, especially for the smallest ones, adapted and advantageous rates. I am convinced that Adequacy is a differentiating factor in my business and that is why I always offer it as a tool to my clients. I have very good feedback from them, they see this solution as a guarantee of efficiency and credibility of my offer.

What future vision do you have for the outsourced DPO profession?

It is undeniably a profession that has a bright future ahead of it! I am convinced that with the constant evolution of data regulation and the growth in the use of data in the company, the use of this profession, for companies that do not have the resources in-house, will democratize, until it becomes automatic. Just as a company naturally uses an accountant or a lawyer, tomorrow it will use an outsourced DPO. It is a profession probably destined to be combined with that of Digital Ethics Officer (DEO), integrating into its missions, in addition to the legal and technical dimensions, ethical issues generated by the collection and processing of all this data but also the increasingly frequent use of algorithmic decision-making systems/automated decision-making. I am calling for this evolution because it is a question of serving the general interest, of contributing to building a world for our children that protects everyone's data and fundamental rights. This is also why, in parallel with my activity, and to complete my DPO hat, I am taking a certification course as a digital ethics delegate (DEO).

We thank Céline Petit for her intervention on her job as an outsourced DPO and on the subject of GDPR compliance. We invite you to continue the discussion with Céline Petit on LinkedIn or via her website.
