External DPO

Outsourced DPO


Since 25 May 2018, the General Data Protection Regulation (GDPR) has imposed rules on all entities collecting and processing personal data about EU citizens.

Data protection legislation is becoming more complex and risks are materializing at a rapid pace since 2018 with increasingly frequent and significant sanctions.

The legal risks can be of the following types (administrative: CNIL, up to 4% of turnover or 20 million Euros), civil or criminal law.

One of the main contributions of the General Data Regulation Protection (GDPR) is the creation of the Data Protection Officer (DPO).

As a personal data protection (PDP) expert, the DPO is responsible for steering the PDP management policy within a given organisation. The appointment of a DPO is mandatory for local authorities and organisations that handle personal data in great numbers, or for whose personal data processing is the core business.

Your DPO may be employed by your organisation. Or may be shared between several entities (e.g. in some local authorities) The DPO may also be external, a service provider who regularly intervenes on your behalf, without being your employee.

In all cases, the appointment of a DPO is made with the CNIL.

The advantages of choosing an external DPO from AlgoSecure

  • Your GDPR compliance piloted by an expert
  • Customized support and follow-up
  • Optimised DPO time thanks to acquired skills and our field experience
  • An educational and positive approach from our DPO for your teams
  • Our DPO is certified by AFNOR Certification

The appointment of a DPO also helps to reassure your clients and service providers, and in some cases it may even become a criterion of choice for responses to calls for tender.

The management of your GDPR compliance by our DPO

The GDPR compliance is a project that requires a great deal of organisation, a perfect knowledge of the subject, as well as the allocation and animation of key resources.
Our DPO manages the GDPR compliance of your organisation. She puts her knowledge of the legal framework and her experience at your disposal.

→ If you already have a DPO and would like to provide him or her with the assistance of an RGPD expert, check out our RGPD Coaching offer.

The main tasks of our external DPO

The tasks of the DPO are at least laid down by the GDPR (Article 39 of the GDPR) and may be supplemented by national organisations such as the CNIL.

Our DPO will thus be responsible for :

  1. Informing and advising the organisation and its employees, on their obligations: monthly regulatory watch to inform you and your department heads, half-yearly activity reports, distribution of a newsletter to employees, etc.
  2. Monitoring the compliance with data protection rules: annual reviews, conducted with the assistance of other consultants to provide a fresh perspective, quarterly verification of new needs to be addressed in terms of GDPR.
  3. Assisting the organisation in carrying out a PIA (Privacy Impact Assessment): verification of activities subject to PIA, assistance in carrying out the PIA if necessary.
  4. Cooperate with the CNIL and be the organisation's correspondent for all exchanges with the CNIL, with partners and data subjects: contact and request from the CNIL in the event of need and/or control of the organisation, appropriate responses to requests from your partners and to requests of rights issued by the persons concerned.
  5. Taking into account the reality of personal data processing in the exercise of its missions: prioritising AlgoSecure's actions according to the risks for individuals, and adapting them in the event of a change in the situation.

« The external DPO from AlgoSecure ensures these 5 missions by providing the services allowing to ensure all these missions, so as to respect also the recommendations of the CNIL and by adding our added value AlgoSecure

The missions specified by the CNIL and integrated by our external DPO

In the CNIL’s DPO guide, recommendations leads to the creation of new sub-categories of obligations. By calling on our external DPO and by appointing us as your DPO with the CNIL, you ensure that AlgoSecure carries out these missions for your benefit.

  • Systematic intervention in key moments: in accordance with your expectations, AlgoSecure will intervene during all procedures for updating the RPA ? (Register of Processing Activities), PIA, drafting or updating internal procedures, privacy policies and guides, as well as for the management of personal data incidents.
  • AlgoSecure will also continue to raise awareness on a regular basis, by means of newsletters but also through occasional events linked to current events (personal data protection day, start of the school year, arrival of new employees, etc.).
  • Compliance documentation: AlgoSecure will handle with keeping your RAT up to date, as well as your registers related to the GDPR and, in general, your body of compliance documentation, in application of the accountability logic set up by the GPDR. If documents are missing from this corpus, AlgoSecure can provide the drafts.

Our administrative and moral commitments
  • Adaptation of the DPO job description
  • Contract - engagement letter formalising the relationship
  • Commitment to confidentiality
  • Conflict of interest statement
  • Designation procedure with the CNIL

Support from our external DPO

Our External DPO will follow our adaptive method, alternating iteratively between workshops, isolated remote research and writing, and follow-up meetings.


Our DPO will get to know the context, your working environment, and meet your employees, thus facilitating future exchanges with them. The success of a GDPR project depends very much on the cooperation between the DPO and the various teams.

    🡺 One or more meetings as well as a document review will allow the work carried out in the previous years to be appropriated and an initial assessment to be made, together with a proposal for a detailed and personalised roadmap for the next two years.

Once the roadmap has been validated, our DPO will work mainly remotely on compliance and on the specific needs you express.

This work will mainly consist of :

  • Building or updating your GDPR compliance documentation.
  • Analysing the GDPR compliance of contracts with your partners and suppliers to renegotiate them if necessary.
  • Answeing your specific questions according to your needs.
  • Responding to solicitations sent to your email dpo@societe.fr.
  • Managing personal data leaks.
  • Corresponding with the CNIL if necessary.
  • Monitoring the protection of personal data (document reviews or interviews to assess the compliance of certain services throughout the year);
  • Raising awareness among employees on a regular basis.

Once a month, our DPO will hold a follow-up meeting by video conference, and will inform you about the latest news related to the protection of personal data.

Once a quarter, our DPO will come to your premises to carry out planned interviews with your employees, a face-to-face follow-up meeting and to ensure a permanent presence for all non-urgent GDPR issues.

A summary activity report will be sent to you once every six months. An annual review of the GDPR activity, designed with the help of other consultants to provide a fresh perspective, will be carried out.

Throughout the service, our DPO will provide you with all the documents needed to trace the activities of our DPO and to justify your compliance. A verification of their completeness will be carried out at the end of these two years. This will be completed by a final annual review. Finally, depending on availability and needs, a transfer of skills may be organised with a new DPO.

The AlgoSecure External DPO guarantees

  • Monthly follow-up meeting to keep track of progress
  • One day of work in your premises per quarter, in order to keep a vision of the reality on the ground
  • Regular participation in relevant working meetings and events in order to integrate our DPO into your team in a smooth way
  • E-mail and telephone availability for you and your employees
  • Permanence of the main DPO ensured by a substitute DPO who will be introduced to you beforehand
  • Support for your corporate email GDPR/DPO

Why to choose AlgoSecure ?

The culture of expertise

Our DPOs are trained and certified by independent third parties and their knowledge is regularly checked internally. Monitoring personal data and cybersecurity law is an integral part of our business.


Our DPOs have been recruited following a comprehensive process, including a focus on the soft skills that make good consultants, such as listening skills, communication, conflict management and effective organisation.

Integrity at the heart of our business

All AlgoSecure DPOs have signed and respect our confidentiality commitment and our ethics charter. We are used to working in sensitive and complex contexts, which often require the consideration of particularly sensitive interests.

Passionate and exciting DPOs

All our DPOs are absolutely passionate about data protection: this is the key to the success of their missions. Their pedagogical and benevolent approach allows for a constructive collaboration.

You've enabled "Do Not Track" in your browser, we respect that choice and don't track your visit on our website.