GDPR Solution

For a "by design & by default" GDPR compliance

A GDPR as Code module that ensures full compliance

The question we faced is the following:

« How can we implement the 99 law articles of the GDPR in an operational platform? »

This complexity requires a tangible compliance method to be implemented. This is why Black Tiger has created and developed the GDPR Box, a technical GDPR as Code module which is based on risk control. This allows us to guarantee our clients :

  • Their own compliance as data controllers
  • The maintenance of their commercial prospecting and fidelity activities
  • The construction of well-qualified prospects and customers relationships
  • The risk management of personal data exploitation through an impact analysis score
  • The implementation of a management interface for the DPO, with proof of conformity in case of control

The GDPR Box is based on the core principles and rights of the law, in particular the management of risks related to the privacy of data subjects:


SecurityConsent management
StorageRights of the data subject
ProcessingsRetention period


Black Tiger enables its clients to measure and anticipate their risks regarding the use of personal data in order to be able to make informed business decisions.

Upstream, data veracity is guaranteed by machine learning algorithms to normalize, deduplicate and consolidate individuals to maximize retention time. Satisfying the Rights of Individuals, the crucial subject of the GDPR, is then only a formality.

" People have legitimate concerns about the way their information is stored and processed by companies. We have been advocating data ethics since 2014 because it is now necessary for software publishers to be aware of the risks associated with the use of data. Above all, technology must remain at the service of the people. "

Anne-Tania Desmettre


GDPR as code - What is it?
The 8 most sanctioned non-compliances

A full GDPR compliance directly embedded
in an operational solution

Rights of the data subject :
  • Management of the Rights of the Data Subjects
    • Automation of the request process
  • Applications' Compliance
    • Analysis and Consent Management
  • Consent Management
    • Proof of consent and analytical reports
  • Preference management
  • Recording of actions and events
GDPR Risk Management :
  • Automation of the GDPR risk assessment through the 2i score
  • Processings register
  • Impact assessments
  • Mapping of personal data including GDPR attributes
Retention period
  • Description of the retention period calculation
  • Configurable purge algorithm per client and per sector
  • Anonymization process
Management of subcontractors
  • Description of the registration process for a new Data processor
  • Data processors' monitoring process
  • For each subcontractor Data processor
    • Monitoring of contracts and GDPR clauses | Legal warranties and security measures | Direct access survey | Data breach history
Security (PIA 2018 Method)
  • Security measures to mitigate risks
    • General data measures | General system security measures | Organizational measures
  • Register of GDPR audit
  • Management of security incidents and breaches
    • Description of the incident handling process | CNIL notification form | Incident handling record
GDPR awareness
  • General presentation of the regulations
  • French National Commission for Information Technology and Civil Liberties (CNIL) MOOC