The challenge
Between Senegal's law 2008-12 (CDP), GDPR (which applies as soon as you process EU residents' data) and sector-specific requirements, most organizations handle personal data without a processing inventory, up-to-date filings or documented legal bases. The exposure is legal, financial and reputational.
What we deliver
Processing inventory and compliant register (CDP + GDPR art. 30)
CDP filings and authorization requests
Privacy policies, contractual clauses and consent management
Technical security measures: encryption, minimization, access control, retention schedules
Outsourced DPO or support for your in-house DPO
Our method
Processing inventory through business interviews and real data-flow analysis.
Legal qualification: legal bases, transfers, processors.
Remediation prioritized by risk to data subjects.
Long-term anchoring: living register, training, annual reviews.
Who it's for
Any organization processing personal data in Senegal — banking, insurance, healthcare, telecoms, e-commerce — and any company targeting European customers.
Frequently asked questions
Does GDPR apply to a Senegalese company?
Yes, as soon as it offers goods or services to EU residents or monitors their behaviour — an e-commerce site shipping to France is enough. Local CDP compliance remains due in parallel.
What are the risks of breaching law 2008-12?
The CDP can issue warnings, formal notices, financial penalties and processing suspensions; the law also provides criminal sanctions, on top of lasting reputational damage.
Do we need to appoint a DPO?
It is mandatory in several GDPR cases (large-scale monitoring, sensitive data) and recommended by the CDP. An outsourced DPO pools expertise when a dedicated role isn't yet justified.
