Login
You are...
Products
Business account A professional account with far more comprehensive services than a traditional bank Collection Cash your customers quickly and easily Accounting Anytime provides invoicing software, facilitates your accounting and helps you with administrative formalities. Financing Discover a wide range of services to support your growth. Whether you're self-employed or a large company, our solutions are tailored to your needs. Cash Management View the banking position of all your activities in real time. Put in place an analytical vision of your flows and give meaning back to your banking operations.
Mastercard business cards Discover the services and Mastercard cards available to you. Corporate expense management Capped Mastercard cards with employee rights management. Managing association expenses The dedicated solution for associations to manage their business expenses. Insurance and legal protection Insurance is included in cards or packages, and meets the needs of both the self-employed and large companies. Chartered Accountants To make your life easier and avoid errors in your declarations, entrust your accounting to chartered accountants.
Expense management
Rates

The importance of the data protection officer in SMEs

Published on September 07, 2021 - 3 mins reading time
Bank watch
In the General Data Protection Regulation (GDPR), the Data Protection Officer (DPO) has a central role. A survey conducted by Innofact for Usercentrics and Siinda shows that only 16% of companies do not have one.

Helping companies comply with the RGPD

Described as the "conductor" of data protection compliance by the CNIL, the DPO's role is to inform and advise the company that has appointed him/her, as well as to monitor compliance with the regulation and national law.

This support takes the form of various actions:

  • mapping treatments,
  • prioritize actions to be taken,
  • manage risks,
  • organize internal procedures,
  • document compliance.

The Data Protection Officer is also required to manage compliance by :

  • structuring and animating its internal and external network,
  • raising employee awareness through the creation of thematic content and the initiation of a global reflection on the implementation of a data protection policy within the structure in which they work.

The appointment of a DPO is mandatory if :

  • processing is carried out by a public entity,
  • the structure carries out "regular and systematic monitoring of individuals on a large scale", or processes sensitive data or data relating to criminal convictions and offences.

If the organization does not meet any of these criteria, the appointment of a data protection officer remains optional.

SMEs consider themselves well positioned when it comes to data protection

The progress made by European SMEs since the RGPD came into force in 2018 is real. A study on the subject was commissioned by publisher Usercentrics and business association Siinda in which 600 executives working in French, German and British SMEs were surveyed. The results show that over 68% of those surveyed consider themselves to be well positioned when it comes to data protection. What's more, most European companies have a data protection officer. Only 16% say they have not appointed one.

For all that, in France, the CNIL, which plays a major role in monitoring and enforcing the RGPD, considers that much remains to be done. Indeed, the appointment of a DPO does not guarantee that data privacy issues are fully taken into account. According to AFPA, in 2020, 63% of data protection delegates did not benefit from a specific budget.

Today, 41% of French companies believe that data protection is good for them. However, a quarter of those surveyed perceive compliance as a cost center and see their business model threatened by tightening regulations. Thus, the hopes and expectations raised by the adoption of the RGPD have yet to be realized.