top of page

C2RO NEWS | C2RO - Standing out with its GDPR compliance

Interview by

Developed by the Montreal-based start-up C2RO, C2RO PERCEIVE™ uses a store’s existing surveillance cameras to understand the journeys customers take throughout the store. This provides information on the preferences and behaviours of customers and allows businesses to develop demographic profiles of their different in-store visitors.

Should we fear Big Brother?

Far from being intrusive, the analysis of the in-store journeys and behaviours of customers is done while preserving the complete privacy and anonymity of individuals and respecting the strict standards of the General Data Protection Regulations (GDPR) established by the European Parliament.

“We have developed a machine vision platform that anonymously captures the in-store visitor journey, which we segment by demographic class, without having to use facial recognition or sensitive biometric data”, says Dr. Soodeh Farokhi, founder and Chief Technology Officer at C2RO.

To avoid data reconciliation and enable the platform to recognize individuals, none of the information is combined or reused, nor is it linked to any transactional information.

Due to the particular nature of the product, it took time to comply with the GDPR standards. “It’s a long and difficult journey,” explains Dr. Farokhi. “It took several months of work. It was necessary for us to establish a relationship with the law firm, with whom we examined the type of image and data that we use, how they are stored and processed.”

Appointing a Data Protection Officer

To ensure their compliance with the regulations, the company chose to appoint a specialized lawyer in data protection who is based in Paris, Gérard Haas, as their Data Protection Officer (DPO).

His role is to ensure compliance with the GDPR and Privacy Impact Assessments (PIAs), anticipate the adverse effects of the technology before it’s deployed, and establish its compliance with the standards. More generally, the DPO is the point of contact for anyone with concerns about how the data is used and processed.

Compliance with GDPR as a key differentiator

For Dr. Farokhi, the steps that were taken to become GDPR compliant were worth it.

“For us, it opens new opportunities, it’s a key differentiator. The GDPR is moving the focus to respect the privacy of individuals, it avoids any possible misunderstandings and fears. People are less suspicious of new technologies if they know what their limitations are if they know that companies are on their side.”

The benefits of compliance with standards are not only advantageous in Europe. If a company has activities in Europe, the regulations apply to all European Union Citizens, no matter where they are in the world.

It is also a way to prepare for any changes that future regulations will bring.

Identifying your gap with the standards

“The GDPR acts as a kind of wake-up call for companies. What happens in another jurisdiction could happen in ours”, explains Dr. Marcel Naud, lawyer of the firm Robic. “it becomes a pretext for companies to examine their current practices, to measure its gap with the standards. If we do better and more in terms of precautions, it can become a competitive advantage.”

Recent events and news around data privacy have also caused an awareness-raising effect. “People are more concerned regarding the risks linked to data privacy”, adds Dr. Naud. “Business owners are being cautious to not be the next ones to be caught in a scandal.”

The company, which has 20 employees, has already received $4.5 million in funding. C2RO plans to do a Series A financing round in mid-2020.

Original article published in French at

Featured on TandemLaunch’s Blog.


Commenting has been turned off.
bottom of page