C2RO: Standing out with its GDPR compliance

Developed by the Montreal-based start-up C2RO, C2RO PerceiveTM uses a store’s surveillance cameras to understand the journey customers take throughout the store. This provides information on the preferences and behaviours of customers and allows businesses to develop demographic profiles of their different in-store visitors.

Should we shout Big Brother?

Far from being intrusive, the analysis of the in-store journeys and behaviour of customers is done while preserving the privacy and anonymity of individuals and respecting the strict standards of the General Data Protection Regulation (GDPR) established by the European Parliament.

To avoid data reconciliation and enabling the platform to recognize individuals, none of the information is combined or reused, nor is it linked to any transactional information.

Due to the particular nature of the product, it took time to comply with the GDPR standards. “It’s a long and difficult journey,” explains Dr. Farokhi. “It took several months of work. It was necessary for us to establish a relationship with the law firm, with whom we examined the type of image and data we use, how they are stored and processed.”

Appointment of a Data Protection Officer

To ensure their compliance with the rules, the company chose to appoint a specialized lawyer in data protection who is based in Paris, Gérard Haas, as their Data Protection Officer (DPO).

His role is to ensure the compliance to the GDPR and Privacy Impact Assessments, to anticipate the adverse effects of the technology before it is deployed and to establish its compliance with the standards. More generally, the DPO is the point of contact for anyone with concerns about how the data is used and processed.

Compliance with GDPR as a key differentiator

For Dr.Farokhi, the steps taken to become GDPR compliant were worth it.

“For us, it opens up new possibilities, it is a key differentiator. The GDPR is moving the focus to respecting the privacy of individuals, it avoids any possible misunderstandings and fears. People are less suspicious of new technologies if they know what their limitations are, if they know that companies are on their side.”

The benefits of compliance with standards are not only advantageous in Europe. If a company has activities in Europe, the rules apply to European Union citizens, no matter where they are in the world.

It is also a way to prepare for any changes that future regulations will bring upon.

Identifying your gap with the standards

“The GDPR acts as a kind of wake-up call for companies. What happens in another jurisdiction could happen in ours,” says Marcel Naud, a lawyer with Robic. It becomes a pretext to review its practices, to measure its gap with the standards. If we do better and more than others in a preventive way, it can become a competitive advantage.”

Recent events also have a significant awareness-raising effect. “People are more concerned about the risks related to the security of personal information,” adds Mr Naud. Business owners are concerned not to be the next one to be caught.”

The company, which has 20 employees, has already received $4.5 million in funding. Soodeh Farokhi plans to do a Series A financing round in mid-2020.

###

published at lesaffaires.com, https://bit.ly/2BznzJh