GDPR
Mapping, processing register, DPIA, outsourced or internal DPO governance. In-house doctrine aligned with EDPB guidelines.
Atelier VincennesCompliance & risksince 2018
Atelier Vincennes
Counsel to executive teams on regulatory compliance — GDPR, AI Act, NIS2, DORA. Without handing over two hundred pages no-one reads.
01Manifesto
Complianceis not a deliverable.It is a behaviour.
We install it inside your teams. Not inside a binder. Once set, it survives audits, team changes, regulatory updates. The only compliance that lasts.
Four frameworks, one method.
AI Act
System classification, obligations per risk tier, technical documentation, AI governance set-up. Regulatory sandbox where relevant.
NIS2
Eligibility assessment, compliance roadmap, incident notification process, ongoing training of IT teams.
DORA
Digital operational resilience for the financial sector. Third-party mapping, penetration testing, business continuity plan.
Four people. No outsourcing.
Charlotte Vincennes
Senior Partner & co-founder
18 years in compliance, including 10 at Kroll and 5 at PwC France. Specialised in GDPR and data law.
Olivier Marchet
Partner & co-founder
Risk management and data privacy. Former CISO of a European banking group. CIPP/E, CIPM, CISSP.
Inès Belaïd
Senior Consultant
AI Act and algorithmic governance. Former CNIL officer, contributor to the AI working group.
Lucas Pereira
Junior Consultant
Sciences Po Paris, digital-law master. In charge of audits and processing mapping.
Four steps. Not one more.
- I
Diagnostic
2 to 3 weeks
Executive interviews, document audit, tool review. Written summary in eight pages, validated orally in two hours.
- II
Mapping
3 to 6 weeks
Processing register, data flows, third-party dependencies, risk level per activity. Operational deliverable, not a report.
- III
Compliance
8 to 16 weeks
Prioritised action plan, team coaching, in-house doctrine writing. We stay until it works without us.
- IV
Ongoing audit
yearly or biannual
Verification of installed compliance, regulatory updates, adjustments. Subscription-based, no surprise invoicing.
Three mandates, no NDA broken.
Anonymised identities, real numbers.
Aerospace · 1,200 staff
0 fine post-mission, 18 months on
Full GDPR register rebuild ahead of the CNIL sector inspection. Eleven sites, seven countries. Compliance reached in fourteen weeks.
Tech · 240 staff · series B
−68 % data incidents over 12 months
AI Act compliance on a recommendation product. Technical documentation, governance, model register. Funding round closed three months later.
Mid-cap private equity
47 portfolio audited in 9 months
Systematic GDPR audit of portfolio companies. Consolidated reporting to investment committee. Now standard practice for new acquisitions.
Six years, hard numbers.
47 Mandates since 2018
12 Sectors covered
0 Post-mission fine
8/10 Clients on ongoing audit
21 CNIL/regulator audits passed
98 % Satisfaction score, 2025 survey
What we write, what we say.
- White paper The AI Act in practice: a guide for European CIOs Atelier Vincennes & APEC 2025
- Op-ed NIS2: why 80% of eligible companies don't know they are Les Échos 2025
- Article Mapping GDPR processing in six weeks, not six months Harvard Business Review France 2024
- Interview Charlotte Vincennes: compliance as competitive edge France Inter — La Tête au Carré 2024
- Book Behavioural compliance (Eyrolles) Charlotte Vincennes 2023
Rare transparency.
We tell you the cost before we start. Three formats depending on your need, ex-VAT ranges. No hidden quote, no billed day after the fact.
Fixed-fee diagnostic
€18,000 — €28,000 ex-VAT
Phase I only. Written summary + oral debrief. Outcome: go/no-go decision.
Time & material
€1,800 — €2,400 ex-VAT / day
Phases II and III by scope. Senior partner or senior consultant, transparency on assigned profile.
Ongoing audit
€950 — €1,400 ex-VAT / month
Phase IV on subscription. Includes regulatory watch, doctrine updates, two audits per year, limited hotline.
09Careers
We are hiring.
A senior compliance consultant (5+ years, CIPP/E or CIPM certifications welcome) to join our Brussels office. €65–85k salary, profit-sharing with firm results.
Send an application → 10First meeting Thirty minutes,
Thirty minutes,
off the clock.
We look at your situation, we tell you frankly whether we are the right firm, or not. If not, we point you elsewhere. No obligation, no commercial follow-up.
Book a meeting →Three offices.
Paris
27 rue de Marignan
75008 Paris
Toulouse
8 place Saint-Pierre
31000 Toulouse
Brussels
Avenue Louise 240
1050 Brussels
+33 1 84 — — — — bonjour@atelier-vincennes.com
// TECHNIQUES Techniques used in this demo
List of patterns implemented. For each pattern detail, see the Techniques page.
- Typographie Cormorant Garamond serif éditorial
- Eyebrow avec numérotation 01—11 (tabular-nums)
- Grille 2x2 expertise sur fond graphite avec dividers acier 1px
- Cards portraits N&B avec hover désaturation
- Méthode en colonnes avec dividers verticaux
- Études de cas avec border-left accent + metric oversized italique
- Chiffres clés en grille avec borders fines (tabular-nums)
- Liste éditoriale dense type Harvard Business Review
- Tableau honoraires transparent (3 packages)
- Palette cool unifiée (graphite · ardoise · acier · ivoire · papier · teal)
// WHY
Interested in this style?
Let's talk. We'll shape the universe, motion and performance together before any quote.
Free intro call // LABORATOIRE