Interview with Nicolas Courtier, lawyer, DPO and Associate Lecturer at the University of Aix-Marseille

Can you look back on your career path and what brought you to who you are today?

‍

I have been a lawyer since 1991, I had a diversified career at the beginning, while being fortunate to have to deal with computer law cases very early on. I then gradually refocused on Intellectual Property, digital technology and personal data. It was what interested me the most.

The entry into force of the GDPR has accelerated the development of my firm's activity in the field of data protection. To do this, I have developed a partnership with Netsystem, which is a consulting company in digital transformation, and with its subsidiary DPOsystem. To deal well with data protection issues, it is necessary to combine technical and legal skills and for this you must know how to act in synergy.

Today, I therefore carry out three different but complementary and intertwined activities, my profession as a lawyer, in the diversity of practice that it allows, outsourced DPO missions (personally or in partnership with DPOsystem) and finally teaching, since I am an associate lecturer at the University of Aix-Marseille.

‍

In what context did you become an Adequacy partner?

‍

Simply looking for the best tool!

Adequacy offers one of the best tools on the market, which I really enjoy working with. Beyond the quality and reliability of the tool, the human quality of the team should be emphasized: competent, responsive and extremely efficient.

I always recommend at least two compliance tools to my clients, and in the vast majority of cases, they choose Adequacy, for the reasons I just mentioned.

‍

What has Adequacy changed for you and for your customers?

‍

There are sample register files to support companies in their compliance efforts. However, a simple Word or Excel file does not offer the tools to assist in building the register that are found in an online service. And then it's extremely difficult to change. Benefiting from a Saas service like Adequacy is fundamental in order to be able to make your register live according to your own developments and those of the subject. Such as those induced by case law. And also to benefit from the work of the editor who himself makes the tool evolve by intervening on the code.

The vision of compliance has evolved since 2017, mainly because we have learned and continue to learn but, from the beginning, Adequacy has been able to offer a robust tool in terms of IT reliability, now offering a very complete library of processing sheets, which is enriched over the years and which allows it to be always up to date.

‍

Beyond the tool, what is the strong point of Adequacy teams?

‍

The teams are both friendly and competent, they know their tool perfectly.

The DPO profession is a fairly recent profession, which is constantly evolving. What is your vision of this profession? What do you think the DPO of tomorrow will be like?

The difficulty of this job is that it relies on two skills: one technical, the other legal in addition to having to fully understand the organization for which it is used. And the context is changing, the NIS2 directive, for example, which is one of the next important legislative developments, if not the most important to come, is even more technical than the GDPR. It must be understood by the DPOs. Technical and legal are and will therefore always be more closely linked. However, technical teams are competent to implement standards and to adapt information systems to this end, the work of legal interpreters of legislation is different, to bring organizations towards compliance but the two must coordinate. There is therefore co-management to be implemented and registry tools are the supports for implementing this synergy.

The DPO must develop compliance in a global vision of the information system and the intangible heritage of organizations. Technology is constantly evolving and Europe is developing a whole new digital legislation with numerous texts whose list is constantly growing (DMA, DSA, IA Act...). It seems to me that the DPO, in order to understand the consequences on the information system and maintain its compliance, must have a global vision of the evolution of techniques and legislation in which data protection is part of.

All these laws complement each other and are interpreted in relation to each other. A vision solely focused on personal data will no longer suffice, if one day was enough.