Richard Montbeyre

Experience

• 

  Cabinet d'avocats Teissonnière - Topaloff - Laforgue

  Jul 2005 - Dec 2005

  Intern
• 

  BNP Paribas

  Jan 2007 - Jun 2007

  Intern
• 

  Cabinet CAPRIOLI & Associés - Law Firm

  Nov 2007 - Jun 2008

  Intern

  - Writs of summons and submissions (online advertising)- Audit of Information Systems Security Policy in banking (electronic signature, archiving, etc.)

• 

  Alain Bensoussan - Avocats

  Oct 2008 - Jan 2009

  Attorney

  - Notifications to the CNIL, support to data privacy officers, audit of personal data processing activities- Compliance of websites with applicable regulations, general terms and conditions

• 

  HAAS Avocats

  Apr 2009 - Jul 2009

  Attorney

  - Compliance of websites with applicable regulations, general terms and conditions, license for further use of public data - Writs of summons and submissions (e-commerce, online sales and advertising )

• 

  CNIL

  Sept 2009 - May 2011

  Lawyer

  - On-site inspections (banks)- Formal notices: customer files, biometrics, e-commerce, data security- Sanctions (public warning against Acadomia in April 2010 -100,000 euros fine against Google in March 2011)- Emergency interruptions of processing activities (videosurveillance)- Litigation: defenses before the Council of State- Training: training provided to data privacy officers.

• 

  MetLife

  May 2011 - Jan 2016

  - Regional Privacy Strategy: emerging risk identification, localization of the global Privacy framework, reinforcement of the second line of controls, anticipation of the EU General Data Protection Regulation (GDPR), implementation of a transverse governance- Policies and Procedures: implementation of the global privacy and data protection policy, review of local procedures, identification and reporting of data breaches- Risk Assessment: review of key risk indicators, control activities, issues and action plans- Support to local operations: participation to local and regional privacy-related projects, legal monitoring- Reporting: communication to regional and global senior management Show less - Drafting / validating policies and procedures: complaints handling, subscription process, IT charter, code of conduct- Reviewing B to C (scripts, advertising, websites, general terms and conditions) and B to B materials (partnership agreements) - Consumer protection: sensitive complaints handling, implementation of PACITEL “do not call” list- Control: monitoring sales practice (telesales), data security and medical confidentiality- Public affairs: CNIL, ACP, DDPP, police, etc.- Employee training: data protection, fraud, anti-corruption, anti-money laundering- Data protection: notifications to the CNIL (data transfers outside EU) and to the Moroccan data protection authority (CNDP), recommendations about data privacy and confidentiality, internal network of correspondents, implementation of the “cookies” Directive, annual report, handling of requests to access, modify or oppose personal data. Show less

  • Regional Privacy Officer, Europe, Middle East and Africa (EMEA)

    May 2014 - Jan 2016

  • Compliance and Data Protection Officer, France

    May 2011 - May 2014
• 

  CNIL

  Jan 2016 - Sept 2017

  Head of Investigations

  - Management of a team of 20 lawyers and IT investigators- Coordination of investigations: identification of potential breaches of data protection laws, planning and proposal of sanctions, direct participation to key investigations- Anticipation of GPDR: key provisions review (joint operations, cooperation and consistency mechanisms)

• 

  BMC Software

  Sept 2017 - now

  Chief Privacy Officer & DPO

  - Management of BMC's Global Privacy Office, composed of a Senior Legal Counsel and a Paralegal- Deployment of a comprehensive GDPR Compliance Program to all business units, across 40 countries - Maintenance of BMC's EU Data Protection Binding Corporate Rules and successfull application for UK Binding Corporate Rules with the Information Commissioner's Office, approved in February 2024- Contribution to BMC's Security and Privacy ISO certifications (ISO 27001, 27017, 27018, 27035, 27701) Show less