top of page


Or Representation service within the EU on behalf of a data controller or processor established outside the EU:
EU Representation - Article 27 of the GDPR


#1 : EXTERNAL DPO - Articles 37 of the GDPR


Note: the function of representative within the EU of the data controller or processor is incompatible with the function of DPO for the same company.

The DPO or Data Protection Officer is the person in charge of overseeing GDPR compliance.
Our experts support your compliance on the legal, organizational and cybersecurity aspects. We take over the role of the DPO - Data Protection Officer at 100% in order to guarantee you optimal compliance with the GDPR: immediately operational.

Rely on comprehensive expertise in data law, IS security, cybersecurity and data governance.


Why an external DPO? According to the European Regulation, a data protection officer must combine professional qualities and avoid conflicts of interest, that is to say to ensure the independence and skills (prior training) of your future DPO who thus could not be a direct user of the data, nor the CIO or the manager judge and party.


The DPO can be external to the structure that appoints him and this, in the terms specified in Article 37 of the General Data Protection Regulations.


We provide you with an "external DPO" service contract that fits well with this choice of outsourcing the function. As such, we will work closely with your internal employees responsible for IT and Civil Liberties aspects to work on the development, implementation and popularization of a general data protection policy in accordance with the legislation.

Missions of the external DPO: EU - Article 39 of the GDPR

  • Inform and advise

  • Control and audit the correct application of the regulations and the law of the State in which it is established

  • Raise awareness and train

  • Provide advice for the implementation of impact analyzes and support you in carrying it out

  • Cooperate with the supervisory authority

  • Act as a point of contact with the supervisory authority and those affected by the body's processing



Our prices are known in advance and without surprises to easily budget your compliance. It only remains to define precisely in the contract your needs beyond the minimum decreed by the RGPD then we will declare the designation to the competent national authority among the G29. FLAG MISTAKES will then be your one-stop-shop and multidisciplinary one - consultants, cybersecurity experts, legal experts, lawyers.



Collect information: gather legal documentation, sort data from all media and devices identifying so-called sensitive personal data, entitled to treatment or not; organize watches on matters relating to personal data and the security of information systems; raise the awareness of management and employees and freelancers on site; Diagnose; prioritize the actions to be taken to limit the risks depending on your exposure and your sector of activity.


& management

Full compliance monitoring, awareness review, submission of a roadmap or action plan, process compliance and access to this important and confidential information, web compliance, subcontractor compliance, records.

Management of the legal study, staff training, risk audit, establishment of procedures guaranteeing the confidentiality of data, choice of means of preserving personal computer data according to their sensitivities, and securing access.



Let your customers know that their personal data is secure and that they have easy and natural access (self-management) or simple on demand. Ensure that Obsolete data, collected without a legal basis, which are sources of significant costs for their storage as well as risks for your organization. Establish an archiving, erasure and access policy. Our experts support you to enhance your data and get rid of what is harmful to your business.


I am Chief Executive Officer and Director of the Data Security Division, of which the external or shared DPO service is part: an economical solution if the size of your organization, your core business does not justify an internal DPO or if you want this service even temporarily (1 month minimum) while waiting for recruitment or replacing the internal DPO as I did in 2019 for EDVANCE or Cybersecurity Senior Consultant for EDF from 2022 untill today.



Describe us your need of compliance audit or DPO

bottom of page