“C’est tres complique aujourd’hui de se declarer 100% conforme”

“In reality, it’s very complicated to declare in total and perfect conformity [with GDPR], be it today, in five or ten years, because it’s a continuous process. A company never really achieves 100% compliance, it works on it every day. It seeks to have compliance champions, such as compliance officers or DPOs, and gives them autonomy” says French privacy attorney Adrian Aulas.

“Today, there is a paradox because on the one hand, French companies are starting to have a pretty clear idea of ​​how to comply with the [GDPR], they have already done a lot of work, but, on the other hand, there are still uncertainties because it is a compromise text, with its gray areas. The supervisory authorities have not yet ruled on the entirety of its provisions”

“The advantage of [GDPR] is that it is a broad text in its principles, which does not go into the details of all the concrete cases, so it is quite scalable for companies. You can find different ways to comply, which really vary from one organization to another.”

Read more of Adrien Aulas’ insights