Elisabeth Quillatre (Renault) "we have developed a DPO dashboard"

In the run-up to the night of the data protection officer, Renault's DPO explains how it used an RGPD obligation to create a European compliance monitoring tool.

The JDN is proposing for the third consecutive year, on 3 December, an event to reward the best data protection officers in France. For more information, visit: the night of the data Protection Officer.

JDN. What major project have you conducted this year?

Elizabeth Quillatre. We have developed a DPO dashboard that brings together all the data needed for its work in one place. We started from the development of a mandatory register, which describes the conditions of each data processing carried out by the legal entity, which subcontractors are involved in the processing, what security measures are put in place, how long it is kept, etc. We then added several modules: the inventory of security deficiencies, the training in the RGPD carried out, the impact studies carried out, the complaints received for non-compliance with the RGPD and the checks carried out by the CNIL. We then added several modules: the inventory of security deficiencies, the training in the RGPD carried out, the impact studies carried out, the complaints received for non-compliance with the RGPD and the checks carried out by the CNIL. Some of these bricks are already active in France, others will be activated in a second version of the tool that will be delivered in January. A little later we will add a final brick: the exercise of rights by users or employees-for example, requests for data deletion. Some of these data are hardwired to the registry via databases, others are indexed and called via APIs.

In concrete terms, what does this tool change in your work?

With the RGPD, we no longer declare our processing to the CNIL; instead we have to keep documents that prove our compliance a posteriori in the event of a check. This tool will make it easy for us to show our compliance to the authorities, for example, to prove that we have made our employees aware of these new obligations. Another interest is to create a link between these different previously compartmentalized databases. For example, to find out whether a check is a result of a client's complaint. This tool also allows DPOs in the various European countries where Renault operates to have access to a single entry point to find all compliance information. For the time being, this tool is deployed in France and three other European countries, with varying numbers of active bricks.

What difficulties have you encountered?

The big challenge is to manage the variable development speed from one module to another. When we modify one of the modules, we also need to change the APIs. The tools are interdependent and therefore need to evolve at the same time. For example, this has forced us to postpone the integration of the exercise of rights module, as we have not been able to develop it fast enough to integrate it into the January delivery process.?

How is this project innovative?

"it brings evolutions to an existing tool to make it something totally different. This is the first time I have found myself in a company with a unique tool that gives me a global view of all the missions I have to fulfill."

How is he unifying?

"we have associated the legal directorates of several countries as well as the privacy ambassadors of our business directorates at headquarters, so that they can participate in the creation of their future reporting tool."

How ambitious is it?

"it's ambitious because we started in September and everything has to be ready by December, which means an extremely tight retroschedule. And when you want to harmonize a tool in a group of this size, it's always complicated."

Elisabeth Quillatre has been the Renault Group's data protection officer since June 2019. She previously held the same position at Christian Dior, after working for five years on legal issues in the IT department of L 'Oréal.

The JDN is proposing for the third consecutive year, on 3 December, an event to reward the best data protection officers in France. For more information, visit: the night of the data protection officer .JDN.Quel...

I manage my push subscriptions