Thibaut De Vylder, PDG de dFakto, a répondu aux questions de CIO Applications Europe sur le GDPR / RGPD. Cette nouvelle réglementation est une réelle opportunité à saisir pour se conformer à la réglementation et améliorer la performance des entreprises ! Pour découvrir l’article, cliquez ici !

La nouvelle Réglementation Générale sur la Protection des Données ouvre une nouvelle ère dans les réglementations concernant les données. Elle touche l’ensemble des entreprises qui collectent et traitent des informations en Europe ou sur des citoyens européens.

Chez dFakto nous pensons que la mise en conformité de nos clients est une réelle opportunité pour leurs entreprises ! Elle permet d’améliorer la qualité des données collectées et de convertir les données en informations à haute valeur ajoutée.

La mise en conformité GDPR/RGPD permet également de se positionner comme une entreprise responsable et fiable qui respecte les données privées et sensibles de ses clients, de ses employés et de ses partenaires !

Dans le processus de mise en conformité GDPR, de nombreuses entreprises sont confrontées à une charge de travail inattendue liée au GDPR. Les solutions dFakto permettent d’automatiser les processus et de diminuer la charge de travail qui pèsent sur votre responsable de la mise en conformité.

Pour relever ce défi, dFakto a mis en place un écosystème complet qui permet de répondre à l’ensemble des besoins GDPR ! De l’évaluation des besoins à la mise en conformité en passant par la formation de vos collaborateurs, quel que soient vos besoins, nous avons la solution adaptée pour y répondre !

Si vous voulez en savoir plus sur les solutions GDPR de dFakto, cliquez ici!

dFakto est fier d’intégrer le TOP 10 des solutions GDPR/RGPD établi par le magazine CIO applications !

La solution tout en un GDPR/RGPD n’existe pas ! C’est fort de ce constat que dFakto a développé une solution agile et innovante en s’appuyant sur son expertise reconnue dans le pilotage de la gouvernance !

Pour être efficace, la conformité au GDPR/RGPD doit être évaluée, pilotée aux différents niveaux de l’entreprise et mesurée en continu.

La solution GDPR dFakto intègre l’ensemble des modules indispensables pour réussir votre évaluation et assurer votre conformité dans le temps ! Grâce à des partenaires stratégiques, la solution dFakto intègre les modules essentiels pour assurer la gestion du GDPR et des normes et réglementations qui touchent votre entreprise.

C’est en combinant une expertise reconnue avec une solution flexible et évolutive, que dFakto a intégré le TOP 10 des solutions GDPR ! 

Découvrez l’intervention du CEO de dFakto Thibaut de Vylder pour CIO applications. 


Assurez votre conformité GDPR grâce à la solution dFakto en cliquant ici ! 

Quel est le lien entre le management par les données et l’intelligence artificielle.

Thibaut de Vylder, CEO de dFakto a répondu à cette question lors du DI Summit 2018 ! Découvrez son intervention en vidéo !

Depuis maintenant plus de 18 ans, dFakto accompagne ses clients dans la gestion de leurs données : du pilotage de leurs projets à l’analyse des résultats, en passant par la digitalisation du pilotage de leurs opérations.

Dans différents domaines, nous permettons à nos clients de gagner en productivité tout en consolidant des données de qualités indispensables au fonctionnement de leurs activités.

Ces données de qualité sont le carburant qui fait tourner l’intelligence artificielle !

En créant des indicateurs à haute valeur ajoutée, en analysant le passé pour anticiper l’avenir, nous sommes convaincus que l’intelligence artificielle est réellement intelligente quand elle soutient le management et l’entreprise.

The general data protection regulation will come into effect on May 25th, which underlines the importance of establishing a strong data culture within each company.

For Thibaut De Vylder, CEO of dFakto, the findings are not appealing: « Many organizations are still doing gap analysis, and too few have started the actual shift to implementation. It is only the implementation planning and rollout that makes it possible to understand the scope of the work to be performed. »

In this type of regulation activity there are three obvious phases: « Assessment”, “Implementation” and “Operationalization”. Currently, all the activity we’re seeing is organisations focusing primarily on the assessment, especially focussed on legal analysis of the contracts of their customers, focussing on the right to use the data, etc.  At the same time, security specialists analyze the infrastructure, the network, the way the data is stored, along with many generalist consultants help to produce of the gap analyses between the current and target regulatory compliance situation. The purpose of all these typical analyses being that each company makes only an inventory of the management of personal data within their activities. »

Beyond the theory

Aligned to these three types of assessment actors, there are tools to support their outcomes, but these are constrained to the theory rather than the practice of actionable GDPR. « Hence the interest to move past this to the action stage, » continues Thibaut De Vylder. « There are implementation guidance solutions, such as GDPR360, that are designed for lean simplicity and are particularly designed for tracking the tasks to be performed, and associated risks. In addition, controls are carried out on the basis of the data deemed sensitive and which will make it possible to detect the noncompliant data and suggest the precise actions to make them conform to acceptable tolerances. »

The goal is to facilitate & drive a true data culture: the lean nature encourages each employee to contribute and become a « data citizen » in the company and seamlessly take on his or her responsibilities in relation to the data. Further regulations such as e-Privacy will only reinforce the requirement for these responsibilities.

A strong signal

Nevertheless, it is clear that « there will be a transitional period, the communication at the base was not necessarily very clear, » says Thibaut De Vylder. « GDPR is a good practice and sends the signal that we will not be able to do anything without asking people for their consent. The digital image of people is increasingly used for decisions that concern them. Hence the importance of restoring the management of this image to the people in whose hands belongs. »

Source: Thibaut De Vylder interviewed by Olivier Clinckart translated from

Nixxis’s advanced Contact Suite is a visionary and flexible solution that has been designed anticipating all future needs of contact centers in terms of customer interactions (phone, email, chat, sms, social networks). 80% of Nixxis’s customers report up to 20% increase in productivity and profitability. By promoting dFakto’s GDPR 360 application suite, Nixxis is probably one of the first that brings GDPR compliancy as a competitive advantage !

GDPR concern worldwide business which handle private data on EU citizen.

While you are a Data « Controller » or « Processor » you now have obligations and rights towards Data subjects and Authorities.

As a Data Processor, Nixxis needs to be aligned to its customers obligations as Data Controller and therefore has decided to implement dFakto GDPR 360 to manage the day to day operations maintaining GDPR compliance.

A Data Processor may only operate on behalve and according to the Data Controller’s instructions. The Data Processor may suggest processes improvements and data quality checks regarding GDPR compliancy but may not implement them without the approval of its Data Controller.


When facing GDPR, most organizations are focusing on the assessment rather than on the GDPR implementation & operations.

gdpr image2 540x304 540x304 - dFakto is proud to announce a new partnership with Nixxis regarding GDPR compliance.

Those organisations are supported by Law firms for their legal framework, Security firms for their security frameworks and/or GDPR consultants to produce DPIA’s (Data Protection Impact Analysis).

Where are you in your process to be GDPR compliant? Is your assessment done? Have you already set up an operational solution to manage your daily actions once GDPR is in application?

Regulations come into effect in less than 3 months or 80 days from now! After that, the full force of the law comes into effect.

Before May 25, 2018 performing an impact assessment was adequate, but after this date, every bit of Personally Identifiable Information (PII) across the business must be accounted for and managed, to avoid very real fines.

This is a game changer. It is no longer adequate to simply have ‘accounting-like’ procedures in place – the actual PII data must be managed and the business is accountable for it directly.

GDPR is fundamentally a highly evolutive data management challenge. The GDPR solution requires an agile data approach.


Turn the GDPR obligation into an opportunity and a competitive advantage with dFakto’s GDPR 360 !

With more than 17 years of experience, dFakto is a company that specialises in sourcing and collating data so that senior managers can more easily identify actionable insights to drive their business forward.

Discover dFakto’s GDPR 360 operational solution to effectively manage daily activities and stay secure regarding risks and costs exposure.

dFakto provides with the best agile GDPR 360 solution and services available on the market. It will tackle this impactful legal obligation in an innovative, cost effective, incremental and sustainable way.

Our innovative GDPR 360 solution addresses the GDPR post-assessment implementation & operational challenges.

GDPR is coming fast now. Are you ready ?

dFakto ecosystem provides a complete GDPR value chain from assessment, implementation to daily operations to maintain compliance.

Visit our website, download our white paper or contact us to get a demo and a GDPR 360 pricing.


Many organizations are still in the assessment or gap analysis stage. These are the plans to build the house, a beautiful architectural sketch but no more, illustrates Thibaut De Vylder who is CEO of dFakto. « Build the foundations, mount the walls, choose colors and the moving date? No specific plan, no budgets, people assigned. Everything remains operationally vague with the completion of the assessment. With GDPR360, dFakto offers a solution to support the implementation and structuring of the necessary GDPR operations.  »

The proposition was born from a statement: In the analysis phase, organizations are most often supported by law firms for the legal framework and by cybersecurity specialists, or even GDPR consultants for the GDPR. produce assessments and DPIA (Data Protection Impact Analysis). « In short, so far we produce paper, a lot of papers”, continues Thibaut De Vylder. “And often, I find that these analyzes are not very concrete and lack granularity … To do well, by treatment, one must at least identify risks, the actions to reduce them, and allocate responsible persons and deadlines. I come back to the image of the sketch. It is not with a sketch that we will build the walls of the house in which we will live every day. You need a plan of execution and good tools to follow up on it!  »

For dFakto, the presentation of the GDPR they have seen in most seminars does not provide an answer. There are principles such as deadlines for notification or the right to be forgotten, and also about controls and sanctions, which are in fact, these new realities. Unfortunately, it is the idea of risk ​​constraint that dominates, and who, therefore freezes initiatives. However, getting in line with the GDPR can be an especially great opportunity to regain control of organisational data collection and its exploitation, to improve not only the quality of treatment, but especially its value. In this sense, the European regulation is a governance project and opportunity for proper Data Management.


GDPR is fundamentally a very scalable data management challenge. The GDPR360 solution requires an agile data approach to implement technical or organizational measures, with human responsibilities to define, apply, and verify that they are met. This is a central point of data governance because data governance is not a computer problem – far from it! And so you need an easy-to-use solution. « In GDPR360, we use various intuitive highly visual indicators, such as weather pictograms, » adds Thibaut De Vylder. The goal is to get users to adopt and register the GDPR within a continuous cycle of improvement.  »

Anomaly reports, analysis, dashboards are evaluated and re-evaluated; new tasks emerge as new risks are identified, assessed and communicated in an updated version of the DPIA(s). The evolution of the progress of the tasks and the evolution of the risks is permanent and continuous. The solution is agile and easy extensibility to other data sources and their respective compliance issues; the dynamic architecture ensures that the new features will not jeopardize what is already in production.

Following a quality assessment, the GDPR360 solution can be deployed in less than one month on the basis of a fixed price for 4 data sources (even more optional), followed by a monthly payment showing the hosting costs, license (SaaS) and support; a budget that can be shared for small businesses. In addition to companies managing personal data of their customers, suppliers … (Data Controller), dFakto has already familiarised many providers in marketing, human resources, IT services, actors in the world of associations and trustees (Data Processor). And, of course, the DPOs who can operate the solution in as-a-service mode on behalf of their own customers; they can therefore focus their activity on piloting and deploy several customers in parallel, at scale.

The GDPR360 solution is fully aligned with and complementary to the methodological recommendations of the CNIL (National Commission Informatique et Libertés) in France, the Commission for the Protection of Privacy in Belgium, the National Data Protection Commission of Luxembourg and, of course, the European Regulation.

The GDPR360 application provides a point-by-point response to GDPR requirements. For example, the requirements for mapping sensitive data, maintaining a processing register and setting up internal procedures to guarantee data protection are one of the founding principles of data governance; the priority management system to comply with present and future obligations is « covered » by the data management strategy, which consists precisely of prioritizing and focusing data management efforts; the risk management system, the privacy impact assessment and the documentation needed to prove compliance are also included by default in a data governance approach.


To hear Thibaut De Vylder, it is therefore a continuous project, the date of May 25, 2018 not being the date of arrival, but the starting point of a constant process of improvement. Also, the primary mistake would be to resort to a « stirring the nest once” method, which has only short-term impacts. In summary: you should not make each service involved in data processing think about a collection of all their systems once and compile everything to enact risk-reducing rules once, as quickly as possible … this is a limited approach. If at first glance, it may seem sufficient, it nevertheless presents many weak points: a « siloed » version of things, an “audit” to be repeated periodically (in reality, with every new treatment as it is imagined, if we want to stay in compliance), no analysis of the impact of these changes on the operational data flow and therefore a real difficulty to carry out impact studies on privacy … At the end, the possibility -without doubt you will be « in the nails » of the European regulation, but at the cost of significant effort in the case of a manual treatment without the least return on investment expected from this tedious building site approach. Worse: the “repeated audit” approach risks « sterilizing » the company’s data strategy. And it misses the principle of « GDPR by design » …


Data governance is not just another way to get ready on May 25, 2018. Its benefits extend well beyond the scope of the new EU Data Protection Regulation. Joining this approach will enable organizations to adopt an evolutionary approach to the exploitation of personal data. In case of new regulatory developments, it is important to have a sound basis « in the knowledge of personal data, tools and methods” to comply smoothly. No need in the future to start identifying personal data, their location, their path in the systems. It’s already done, and kept up to date by design by data governance.

Good governance also helps to instil a true « data culture » into the company and especially to make it leave the sphere of influence of IT. « A data governance deployment is considered successful if everyone’s behavior becomes natural and virtuous with respect to data, » says Thibaut De Vylder. This is of course not just in relation to personal data. Corollary: there is more to data management than  having a DPO on one side playing ‘Mr Compliance’ and on the other side, departments that use data in their own isolated way… but we need empowered users, ‘data citizens ‘at the service of their organization by using, on the one hand, the data in a more efficient way (simplification of the treatments, automation manual work, reduction of the costs …) and, on the other, by allowing them to grasp more easily new opportunities for using data in a digital world (impact on sales, revenues, co-creation of new products and services …).


Data governance is a subject in which dFakto has excelled for 17 years. In addition to GDPR360, which responds to GDPR’s post-audit implementation and day-to-day operational challenges, the same application principles that exist in GDPR360 can also handle other types of compliance such as ISO27001, ePrivacy, and more. With the same principle, dFakto has also developed Transformation360, a globally recognized management solution for managing and analyzing complex program and project portfolios, and Client360, which provides a complete ‘client-centric’ view of truth about the customers. « We are a specialist in piloting cross-functional initiatives in large institutions like BNP Paribas Groupe, with more than 15 major programs run in parallel, some of which have more than 3,400 projects and 1,200 programs monitored at high frequency », insists Thibaut De Vylder.


With its GDPR360 capability, dFakto offers a real solution to companies both as data controller (Customer) and data processor (Supplier, we think for example non-compliant software publishers), both of which have inherited new rights and obligations, at both Supervising Authorities and Data Subjects. Thus all the providers who manage private data on behalf of a customer can assume their responsibility in accordance with the legislation and also offer this assurance to their customers. In order to be compliant themselves, many customers are currently verifying the compliance of their subcontractors, and this solution makes it possible to manage several data sources for both parties, even distributed or relocated.


Starting from this new legislation, different types of actors have been profiled to meet the first needs of assessment and dFakto is producing a wider ecosystem, an end-to-end solution, bringing together several complementary quality players. dFakto offers its solution to its customers both directly and indirectly via resellers, either in its name or in white label. For small businesses, a mode of mutual-use of the implementation is also possible. Finally, the DPOs are not left behind since the proposed technology allows them to consider themselves as « Augmented DPO », allowing them to manage their customers more effectively by providing them with additional added value in terms of reducing the cost of managing their customers’ conformity.

Source: Thibaut De Vylder interviewed by Alain de Fooz translated from



As the rules of business are being rewritten on quarterly basis and available data grow exponentially, organisations are feeling the need to become data-driven.

They want short term results using data today and produce new value propositions for tomorrow. They also want to decide using facts and analysis instead of guts feelings.

They are looking for game-changing approaches to make this happen, such as:

a data-driven framework that encapsulates existing and future technologies and complies with upcoming challenges (GDPR, AI…)
new data-driven management skills required to implement and run & maintain these solutions
to do it in a cost-effective, incremental and sustainable way

Thibaut De Vylder has shared, during the Data Summit which took place on the 17th of November 2017 in Brussels, how we have used these approaches to drive innovative data-driven solutions in organisations independent of their size, complexity or industry

Wouldn’t you like to have all of your processes working synchronously off of a conformed set of Master Data?

With a bit of ambition, you may even envision parallel processes utilizing this master data to harmonize the customer and business experience into something more efficient. If you’ve tried, I bet you’ve found that it’s like herding kittens. The moment something changes, synchronisation becomes an issue because so many departments have very particular perspectives on Master Data.

If you could easily achieve a Master Data ‘golden record’, the customer experience would be an evolving seamless experience. In terms of record capture and utilization, there would be the real possibility of running parallel business processes. It would reduce customer-perceived response timings for fulfillment or for single sign-on!

But what if one of your processes needs a modification due to internal or external influences?

Maybe you will need to capture additional information due to company structural transformation, or limit information capture due to regulation. Perhaps you have acquired a new business asset which is producing or consuming additional data that requires that you rethink your data model.

Your business process driven data capture and MDM (Master Data Management) is now in a state of change. This puts the overall data system at risk of coming out of not reflecting reality.

At the very least it must be scrutinized for impacts of change.

Build change into the heart of Master Data

MDM is clearly achievable if you can harness change, but change is a big challenge. You first have to hit upon an approach that incorporates change into the heart of data management, and that keeps up with your processes changes. If you don’t, then there is an implicit resistance/latency to between reality and your concept of Master Data.

If you are using old « Star-Schema » or « Inmon » approaches, the changes you need will take some time. Probably a lot longer than you expect if you’ve had the experience of most enterprises.

These approaches are broadly accepted as ‘tried and tested’ largely because they have been in the industry for several decades. However, we all know that longevity is not the same as suitability. The level of change we are experiencing today was unthinkable when these older methodologies were conceived. Plus, we’ve even moved on from their updates (read this for more).

If your goal is to allow your business processes to change without affecting your MDM integrity, then you need a methodology which locks in data. It remains trustworthy, while flexing to accommodate changes and updates.

If you can achieve a system of record that achieves both this stability and flexibility to feed your MDM, then you are on the path to a sustainable system of record upon which to build your current and future MDM and synchronised processes.

Virtualized perspectives of data history

Data Vault is the methodology that is increasingly being adopted by perceptive companies who realise that change is inevitable and who embrace it. Data Vault is a discipline which is a hybrid of the old « Star-Schema » and « Inmon » techniques. In fact, it is more closely related to modern « Graph » structures which capture both structure and relationship to reduce the impact of change seen in old approaches. By separating out concerns of structure and relationship, change becomes a fluid part of the model.

Consequently, changes DO NOT impact on current data, introducing finely tuned control.

Or find out more from our friendly team of business and technical experts at or +32(0)

Our CEO has a habit of meeting interesting people …

A chance meeting with a Forbes journalist – in the back of an Uber taxi in Lisbon (on the way to the Web Summit) – worked out rather nicely for dFakto.

This short Forbes article of November 8, 2016 neatly covers the reasons dFakto’s programme/project management tools are so successful … limit the number of KPIs you track, make it easy for managers to report their progress and explore new ways of making your progress visual – think 3D printing and virtual reality – so that everyone can see and touch the changes that have been realised. Read it here.

At dFakto we recently celebrated our 16th birthday, a day where our CEO, Thibaut De Vylder, stopped for a moment to share with you what he has learned from the past 16 years and what we are looking forward to in the future:

16 years ago… it seems to me as if it was only yesterday« .

When you really take the time to look at all that has changed since then, I dare to suggest that we have seen and experienced a huge number of evolutions, both technical, with the rise of the internet and the fact that the whole world can now communicate in real-time, as well as in business, where everybody has been forced to move to some kind of a digital transformation. I think we can all say, without any exception, that the company we work for (or with) has been deeply impacted over the past decade and more.

It’s strange, particularly if we look at the latest buzzwords like big data, digital transformations and digitalization, how today so many companies still work with excel sheets and manual data imports and have a team of several dozen back-office employees working on updating and integrating data.  And it is not rare to hear people say they work for a dinosaur that is still stuck in the Stone Age.

In 2000, when I started Deployments Factory we already worked with data, so over the years we have learned a lot about bits and bytes, but also about information and insights, about decisions and plans. So let me share with you what I think are the 2 most important things you need to focus on when you want to drive your business forward today.

First of all, you need to be aware that the decision making process has radically altered. For those born before the 1990s, we all remember what it was like when we first started to work. The guys locked away on the top floor of the building took decisions and you were required to follow these without asking too many questions.

Luckily – in the meantime – decision-making has become a circular process. It’s now the case that everyone listens and talks to each other. We now have a situation where the people who are executing are listening to those in charge, and that the ones making the decisions are listening to their people. Companies that refuse to adapt their decisions based on the information coming up from those doing the work will soon come to realize that they’re steering their business blindly.

The second insight I would like to share with you comes from this circular process. As a decision maker you need to be aware that the data that is flowing around your company needs to be enhanced and enriched or even adapted along its path. For often, data that is pushed from the ground level up needs to be transformed into understandable information. It is then this information that generates the insights, the insights that lead to decisions that will later be transformed into plans, and plans into action – and you’ve guessed it, these ‘actions’ then generate more data. And so we’re back at the beginning of our circle.

It goes without saying that if we want to keep track of this circular process we’ll need governance, more agile processes and scalable and flexible technology.

And that’s what we at dFakto have been focusing on for the past 16 years. If you look at the offer that is available on the market you’ll soon come to realize that you can find lots of specialized companies that will either help you with governance, with the analysis and strategy, with the supporting software, or even body shoppers that will run a tool for you.

At dFakto we have focused on offering an integrated solution: a solution that can be a one-stop-shop for you.

To this end we have tailored our approach to meet your specific business needs. We’re focusing on solutions within four service lines: Transformation Success Management, Customer Success Management, Risk Success Management and Financial Success Management. Each of them concentrates on the real needs of CEOs, COOs, CMOs and CFOs. And if your C-title isn’t here, please mail me and we’ll find you a spot!

I, and all my colleagues working at dFakto, work with the same belief … we want to make sure that our solutions will make you autonomous in the everyday management of your data.

I see some of you already thinking that I’m some kind of a philanthropist, but I can assure you I’m not.  We believe that we need to deliver the solutions you need today knowing that we are already working on the solutions you might need tomorrow. We want to work with you as a reliable partner and offer you the necessary flexibility and scalability, so if you face a new challenge tomorrow, you will have our services and solutions top-of-mind.

So what makes us unique? First of all, of course, it’s our people. We’re a team of 45 and I’m proud to be one of them. We have a large pool of business specialists that know your problems because they have either lived them themselves or have worked with other customers in the same position. Because rest assured, you’re not the only company that has issues. But what’s different about dFakto over other consulting firms is the fact that almost half of our team are tech specialists who actually get out from behind their screens and meet our real clients.

Then there is the governance. Remember when I explained that decision-making has become a circular process? Well over the years, we have built the necessary experience to help you implement the right processes at every stage. And of course there is our technology. We’ve built a tool that can manage all your data-based requests. It’s modular, it’s techno-agnostic and it can link with any kind of in-house technology you use.

But finally – when all is said and done – it all starts with your data. »