Lexagone transforms your legal obligations to comply with the RGPD and AI Act into a strategic and operational asset thanks to its 18 years of experience in the field of Data Protection compliance.
Lexagone, a consulting firm in personal data protection, is composed of experienced and senior lawyers, GDPR experts working as a team to guarantee you the best expertise and efficiency for your operational needs.
Your GDPR support is provided by a proven organization with our centers of expertise, our own software for maintaining processing records and GDPR governance.
“Thanks to their organization, their availability and their pedagogy, Lexagone consultants were able to successfully carry out all the missions entrusted to them, including the most complex ones such as the DPIA. I recommend them for your GDPR "projects". They will be able to adapt to your requirements while remaining compliant.”
DSI of a Hospital Center
Lexagone is a RGPD compliance consultancy on a human scale, convinced that data protection is essential to guarantee the security of your business and the confidence of your customers. This is why Lexagone's leitmotivs are ethics, expertise and pragmatism. Our DPO (Data Protection Officer) consultancy offers RGPD support tailored to your needs.
At Lexagone we also have GDPR support from an outsourced Data Protection Officer for health and medico-social establishments, as well as strong expertise for DPIA of EHR.
Our GDPR compliance consultancy firm has been renewed by the CAIH as the holder of the AMOA SSIDP contract – Project management assistance services related to information systems security and data protection for the period 2024-2028.
Major foundations and associations in the medical-social sector have entrusted their governance in terms of personal data protection to Lexagone.
At Lexagone, our team of lawyers is made up of experienced (over 5 years) and senior (over 10 years) profiles who contribute to enriching our proven know-how for over 18 years.
01
Whether you are a small business or a large group, a healthcare facility or an EMS, our GDPR experts adapt their data protection support to your organizational, technical and legal constraints.
Our GDPR compliance consulting approach is designed to minimize the operational impacts on your businesses while optimizing the implementation of best practices.
02
Beyond mapping your treatments, diagnosing and analyzing your registry in our DPM solution, our data protection consulting firm optimizes your processes related to the processing of personal data to make them a real lever for performance.
03
Founded in 2007, Lexagone is a GDPR compliance consulting firm with our own software for maintaining the register of processing activities that allows us to centralize documentation (accountability) and the actions of our GDPR experts as part of our outsourced DPO missions.
Experts in their field, our GDPR consultants are both versatile and specialized in different areas of law (health, medico-social, local authorities, human resources, etc.).
Lexagone, as a GDPR consulting firm, has been selected as an exclusive partner by the ambassadors of Club Décision DSI: the leading independent French DSI Club dedicated to IT decision-makers.
The Lexagone team is also proud of its listing by several regional CSIRTs as a data protection consulting firm capable of intervening in incident responses requiring notification of a data breach to the supervisory authority (CNIL).
This is the mapping of your data flows. The Register of processing activities is the foundation of your GDPR compliance. It constitutes a detailed inventory of all personal data processing implemented by your organization.
As such, it must:
The DPO (Data Privacy Officer) or DPD (Data Protection Officer) is the conductor of GDPR compliance.
The appointment of an internal or external DPO is a legal obligation for:
Article 35 of the GDPR provides that when processing is likely to generate a high risk for the rights and freedoms of natural persons, the data controller shall, before processing, carry out an analysis of the impact of the processing operations envisaged on the protection of personal data.
On the basis of this principle, the CNIL has established the list of processing operations for which it is mandatory to carry out a DPIA:
“Patient” files of a university hospital, hospital, clinic, etc.).
“Resident” files of a CCAS or EPHAD.
Medical decision taken by an algorithm (AI).
HR management of “high potentials”.
Recruitment with a selection algorithm.
So-called Data Loss Prevention devices.
Video surveillance of a warehouse.
Professional alert system.
Fight against money laundering and the financing of terrorism (LCB-FT).
Processing aimed at personalizing online advertising.
Mobile application for collecting users’ geolocation data.
Complete list of CNIL processing operations subject to DPIA.
GDPR governance goes beyond simple privacy protection. It aims to anchor compliance in the corporate culture by implementing best practices in terms of security and organization. It is a necessity for all organizations today, particularly due to the increasing use of Artificial Intelligence (AI).
Corporate governance must now include specific rules to frame the use of AI with Data Protection Impact Assessments (DPIAs) for each AI project.
Mail : contact@lexagone.fr
Phone : +33 (0)972 169 310
Our GDPR consulting firm offers external DPO services managed by teams of specialized legal experts to ensure controlled GDPR governance.
Member of
Referenced by
