Interview with Frédéric Campagna, DPO of Letsignit.
On the occasion of International Data Protection Day, Frédéric Campagna, DPO at Letsignit, shares a demanding and pragmatic vision of data protection in business.
Drawing on his experience within this email signature solution, used by organizations such as VINCI Energies, Sephora, ONET or Edenred, he discusses good practices applicable to all companies, whatever their size, sector or level of maturity. »
Where should a company start to structure its data protection?
The first piece of advice is not to reduce the subject to a simple regulatory obligation.
Before talking about compliance, we must understand what data is processed, in what contexts, and for what concrete uses.
A company that has a clear vision of its data flows always starts one step ahead.
At Letsignit, this logic is integrated from the design of the product, within a clearly defined GDPR framework. The projects are designed with the involvement of the DPO from the outset, in order to guarantee that uses develop in a compliant manner, without ever leaving this protection framework. This is a principle that applies very well to any organization.
What do you think are the structuring choices to make from the start?
The decisions taken upstream are decisive in the long term.
Security by design, clear governance, well-defined accountability, these are essential foundations.
At Letsignit, data protection is natively integrated into the solution. This is what allows us today to meet very high requirements, validated in particular by certifications ISO 27001 and ISO 27018.
The advice I would give to companies is to invest early on solid foundations from a security point of view, even if their environment is not yet very complex.
- ISO 27001 guarantees structured and continuous management of information security, covering risk management, governance, access management and data protection.
- ISO 27018 specifically regulates the protection of personal data in the cloud, with reinforced requirements in terms of confidentiality, transparency and GDPR compliance.
Moreover, speaking of GDPR, Frédéric Campagna took the time to give us a word on the subject in this video.
How can we prevent data protection from being perceived as a constraint for teams?
It’s a real subject. Data protection becomes problematic when it unnecessarily complicates uses.
The objective must be the opposite: to protect without slowing down, and to protect in order to move forward better.
At Letsignit, for example, everything related to security, such as 24/7 monitoring, automated alerting, internal audits or intrusion tests, is taken care of without creating any operational burden for customers or our employees.
For companies, this means that we must favor organizations and solutions that integrate these issues upstream, rather than passing them on to users.
Does this approach explain the adoption of Letsignit by large organizations?
Yes, very clearly.
Letsignit is now used by groups like Vinci Energies, ONET, Edenredfrom sectors particularly sensitive to data protection.
These are organizations that operate in complex environments, often multi-entity and multi-site, with high stakes in terms of security, compliance and operational continuity.
For them, data protection, reliability and risk management are not optional.
If our solution is deployed on a large scale in these contexts, it is because it was designed to meet this level of requirement from the start.
How does this requirement translate concretely into the Letsignit solution?
It is integrated into the heart of the product.
Letsignit is the creator of the first Outlook add-in, co-built with Microsoft USAand we have been a preferred partner of Microsoft for over 10 years.
This close collaboration with the Microsoft ecosystem allows us to offer a solution natively aligned with high security standards, capable of serving millions of users around the world.
You mention security standards that are among the highest on the market. What does this imply on a daily basis?
This first involves recognized standards. Letsignit is today the first French solution for managing doubly certified email signatures ISO 27001 and ISO 27018and this for four years.
But beyond certifications, there is permanent vigilance, linked to the very nature of the channel that we operate.
THE Email is one of the most sensitive business assets : it concentrates personal data, strategic exchanges and constitutes a privileged attack vector.
This is why security at Letsignit is based on 24/7 supervision, automated alerting, regular internal audits and recurring security tests.
We also conduct intrusion tests and recurring attack simulations with an international community of white hackers.
The idea is to never take security for granted.
What about data hosting and localization?
For our European customers, data is hosted exclusively in France and Europe, on infrastructures compliant with the GDPR.
It is a strong choice, which meets the expectations of many companies in terms of sovereignty, transparency and control of data.
Here again, these are often decisive criteria, particularly for the most exposed organizations.
Looking back, what really sets Letsignit’s approach apart?
Consistency over time.
Letsignit has 12 years of deliverability, more than 6,000 customers and deployments in very complex environments.
This experience allows us today to offer a solid, proven and scalable data protection approach, which goes well beyond a simple regulatory framework.
What is your role today as DPO in this organization?
My role is to guarantee the overall consistency of this approach over time.
Data protection is constantly evolving, as are uses and technologies.
The challenge is to maintain this level of requirements, to support the teams and to ensure that data protection remains a natural reflex, not a constraint.
A message to remember on the occasion of International Data Protection Day?
Data protection should not be thought of as a minimum to be achieved, but as a standard to aim for.
When it is integrated from the design stage and maintained over time, it becomes a real lever of confidence for all companies, whatever their sector or size.
To find out more about the Letsignit email signature solution, go to the company’s website!
