Mathieu Pouliquen

• Drafting of a new version of the privacy policy

• Support and facilitation of meetings on best practices regarding legal privacy requirements with sales teams

• Management of data protection agreements with international partners and suppliers

• Conducting DPIAs for eligible processing activities (KYC, KYB, AML, ...)

• Implementation of compliant processes with digital teams for the collection and processing of personal data

Carrying out fixed-price missions for GDPR compliance and outsourced DPO services in various sectors as Project Manager: insurance, banking, healthcare, pharma, tech startups, online education, law firms, accounting firms, non-profits, VSEs/SMEs, etc.

⏺️ GDPR Compliance (BUILD):

— Creation of processing records:

● Business / IT / legal interviews, document collection and analysis

● Identification of processing activities, purposes and sub-purposes, data and IS concerned

● Determination of legal bases, retention periods, and responsibilities

— Creation of DPIAs after eligibility assessment, development of risk mitigation plans

— Privacy reviews of processing activities, identification of compliance gaps and protection measures

— Information of individuals: development of information notices and privacy policies

— Contract updates: review of client/subcontractor/HR contracts

— Strengthening data security:

● IT and data protection security reviews (with IT / CISO)

● Management of SSI data protection reinforcement actions (with IT / CISO)

— Development of compliance policies and procedures frameworks:

● Individual rights exercise mechanisms

● Detection and management of personal data breaches

● Privacy and personal data protection policies

● IT charters and employee information

— Conducting awareness sessions on data protection and cybersecurity.

➡️ Compliance Maintenance (RUN):

— Periodic GDPR compliance audits and controls

— Personal data protection consulting:

● Privacy reviews of projects, identification of compliance gaps and protection measures

● Enrichment of processing records

● Compliance of relationships with new subcontractors

— Handling of GDPR rights requests

— Support in data breach management

➡️ Trainer:

— ADN Program (Amazon's digital training program) approximately 10h

— Training on behalf of Pôle Emploi: 40h sessions for individuals undergoing professional retraining

Arval is a French corporate vehicle leasing company founded in 1989 and subsidiary of BNP

Paribas. It is present in France and 30 other countries, with almost 7,000 employees.

Mission carried out on behalf of Arval France and its 30 subsidiaries, in an international

context (exchanges in English).

1. RoPA (Register of Processing Activities) ; management of a project to create and

enhance RoPAs (Register of Processing Activities) on behalf of the 30 ARVAL legal

entities, based on BNP Paribas Data Office guidelines

2. GDPR Suppliers : correction project of the subcontractor identification system, with

the aim of grouping and clarifying the contractual provisions. Suggestion of

adjustments in terms of data protection measures (technical and organizational).

3. DPIA ; identification and realization of new DPIAs, remediation actions on previously

initiated DPIAs

4. Data Retention ; drawing up remediation action plans for various assets

5. Legitimate Interest Assessment (LIA) / Balancing tests : identification,

prioritization and realization of LIAs for various processing activities