Describe the company – the elevator pitch …
Since May 25th 2018 any non-EU company which wants to do business, or simply interact, with EU citizens needs to have a branch or at least a GDPR Representative within Europe. This is compulsory and, according to the General Data Protection Regulation, not complying will be fined.
EUDPR not only provides a GDPR Representative to non-EU companies but also removes the strain and pains of becoming GDPR compliant. EUDPR is both a European partner and coach for each one of its clients.
How are you different?
EUDPR has taken the decision, from an early stage, to go beyond being a simple EU business representative as we aim to help and coach our clients to become GDPR compliant in under 30 days (after their subscription takes place). We audit our client, as a Supervisory authority would, to prepare them for the D-day. Hopefully, this day will never come. We like to compare ourselves with a car insurance. You get it, the insurance company makes sure everything is in order, and finally, you pray never to actually need it.
Let’s take an example. Imagine you discover that your system has been hacked into and that your users’ emails and passwords have been accessed. This could be a real problem as most people use the same passwords on different websites. Even if your site does not hold sensitive data the pirates (hackers/cybercriminals) may be able to use the emails and passwords to access other sites which could hold private data or enable the cybercriminals to act as if they were the user.
The GDPR demands that each relevant Supervisory authority be informed, in its own language, within 72 hours and be told what you will do about the data breach (for example, in this case, you would inform the users and advise them to change their passwords on the other sites). Having your system hacked is not a cause for being fined – except if your security turns out to have been obviously flawed – but failing to advise the Supervisory authorities in time will necessarily entail a fine.
That is where your GDPR representative is your best ally (if he is reliable). He will ask you all the relevant questions regarding the data breach and inform each Supervisory authority, in the local tongue, according to where your users are located. So what could have turned out to be a nightmare can end up as a set of formalities.
Why will you do well?
The GDPR is a first step in data privacy regulations. Many countries speak of implementing a GDPR-like set of rules, to force companies to deal with their data in a way that would protect their users. In California, we hear of the CCPA (California Consumer Privacy Act). At a federal scope, the US have already implemented the Privacy Shield, however it is said that a “GDPR USA” is on its way.
Companies are therefore bound to cope with data privacy and ignoring it is not an option. EUDPR is a great and user friendly way to answer this obligation.
Where are you based?
Obviously, we are based in the European Union! More precisely, we are based in Paris, France where our Supervisory authority is the CNIL, the one that hit Google with a €50m fine in January 2019. France is the most advanced country in regards to user privacy as the CNIL has been working on it for 40 years since 1978.
When was the company launched?
In 2018, Remy Wilders, Jan Vailhé, and Yannick Lescure worked together on solving KYC issues for cryptocurrencies distribution and business asset tokenization. Realizing that KYC is a small aspect of business and customer data protection, they joined up in December 2018 to build a complete hands on GDPR solution. This is when EUDPR was launched.
What have been your biggest wins to date?
As we launched a couple of months ago, the satisfaction of each new client is a big win.
Choosing the right GDPR representative is key. You need to find one who cares and who is really your partner both in helping you become compliant and in times of GDPR trouble. At the same time you may never turn out having a serious GDPR issue and some solutions may be an overkill and obviously costly.
Being based in Europe and having been a GDPR consultant for both very large and small companies, we know we have set up an efficient answer for the needs of small to medium-sized enterprises.
Who are you trying to attract to your product?
Registered outside the European Union, our customers come from a wide range of industries, such as marketing companies, e-commerce, content providers or staffing solutions, however the list is not exhaustive.
They have in common that they process personal data from EU residents, with the noteworthy exception that they do not deal with sensitive data as defined by Article 9 of GDPR. In other words, our customers do not collect records of criminal convictions, or ethnicity, religious or philosophical beliefs, political opinions, trade union membership details, health, sex life, or sexual orientation data on a large scale.
When a new customer fills in the onboarding form, our team members verify and authenticate, in a due diligence investigation, the company information as well as the kind of data that will fall into GDPR compliance.
Within 72h, the new customer is walked through the different steps which need to be taken to become GDPR compliant. Our aim is to make things as simple as possible by explaining the whys and providing the hows.
What tips would you give to others looking to build their business?
As the comma brand says: “Just do it!”. Don’t be afraid of the “what if”, it will probably never happen.
Tell us about your team?
EUDPR’s founders have been working over 10 years on data privacy, document management and security issues. The team is passionate and caring. The fact is that we simply want you to LOVE our services.
What are your plans for the future?
Our aim is to become a hub of caring companies with a large set of legal and promotional services available to all. The idea will be to help the companies expand their business in Europe by providing them with the right advice, coaching and tools.
What are your favourite tech gadgets?
We use privacy-oriented communication tools in our everyday communications and weekly meetings. We also monitor the major data leaks by using social media and specialized media monitoring tools. There are data breaches every day and some of the affected organisations would have to comply with GDPR by notifying data subjects within 72 hours.
What tech gadgets do you wish you could use to help you?
Actually, I’m not sure I really want it to exist, but if a DLP (data loss prevention) solution could monitor the data leaked and dumped in the dark web in real time, that would be interesting. However, as a Data protection representative, our core activity is to make sure that our customers are GDPR compliant and if a data breach occurs, we will be there with them to deal with regulatory requirements.
Anything else you’d like to add/we should have asked?
At this stage, you may think that your company will be lost in the crowd of companies and that the GDPR “Supervisory authorities” will never notice your website or have bigger fish to fry. The thing is it will not be the Supervisory authorities who will be on the lookout, it will be your users!
That means that if one of your users is data sensitive or even if he simply has a grudge against your company or your website he now has an incredible tool for getting back at you. All he needs to do is fill in a form on one of the 27 EU Supervisory authorities’ sites and you will receive a notice within a couple of days. The first obvious question will be “Who is your GDPR representative in Europe?”.
How do people get in touch with you?
Should this be of any interest to you, further information can be found on our website eudpr.com.