C2RO NEWS | C2RO - Standing out with its GDPR compliance

Updated: May 3

Interview by lesaffaires.com

Developed by the Montreal-based start-up C2RO, C2RO PERCEIVE™ uses a store’s existing surveillance cameras to understand the journeys customers take throughout the store. This provides information on the preferences and behaviours of customers and allows businesses to develop demographic profiles of their different in-store visitors.

Should we fear Big Brother?

Far from being intrusive, the analysis of the in-store journeys and behaviours of customers is done while preserving the complete privacy and anonymity of individuals and respecting the strict standards of the General Data Protection Regulations (GDPR) established by the European Parliament.

“We have developed a machine vision platform that anonymously captures the in-store visitor journey, which we segment by demographic class, without having to use facial recognition or sensitive biometric data”, says Dr. Soodeh Farokhi, founder and Chief Technology Officer at C2RO.

To avoid data reconciliation and enabling the platform to recognize individuals, none of the information is combined or reused, nor is it linked to any transactional information.

Due to the particular nature of the product, it took time to comply with the GDPR standards. “It’s a long and difficult journey,” explains Dr. Farokhi. “It took several months of work. It was necessary for us to establish a relationship with the law firm, with whom we examined the type of image and data that we use, how they are stored and processed.”

Appointing a Data Protection Officer

To ensure their compliance to the regulations, the company chose to appoint a specialized lawyer in data protection who is based in Paris, Gérard Haas, as their Data Protection Officer (DPO).

His role is to ensure the compliance to the GDPR and Privacy Impact Assessments (PIAs), to anticipate the adverse effects of the technology before it’s deployed and to establish its compliance with the standards. More generally, the DPO is the point of contact for anyone with concerns about how the data is used and processed.

Compliance to GDPR as a key differentiator

For Dr. Farokhi, the steps that were taken to become GDPR compliant were worth it.

“For us, it opens new opportunities, it’s a key differentiator. The GDPR is moving the focus to respecting the privacy of individuals, it avoids any possible misunderstandings and fears. People are less suspicious of new technologies if they know what their limitations are, if they know that companies are on their side.”

The benefits of compliance with standards are not only advantageous in Europe. If a company has activities in Europe, the regulations apply to all European Union Citizens, no matter where they are in the world.

It is also a way to prepare for any changes that future regulations will bring upon.

Identifying your gap with the standards

“The GDPR acts as a kind of wake-up call for companies. What happens in another jurisdiction could happen in ours”, explains Dr. Marcel Naud, lawyer of the firm Robic. “it becomes a pretext for companies to examine their current practices, to measure its gap with the standards. If we do better and more in terms of precautions, it can become a competitive advantage.”

Recent events and news around data privacy have also caused an awareness-raising effect. “People are more concerned regarding the risks linked to data privacy”, adds Dr. Naud. “Business owners are being cautious to not be the next ones to be caught in a scandal.”

The company, which has 20 employees, has already received $4.5 million in funding. C2RO plans to do a Series A financing round in mid-2020.

Original article published in French at lesaffaires.com

Featured on TandemLaunch’s Blog.