Cybersecurity and Data Protection Collaboration in Marseille

The video features a discussion between Jérôme Podi, Chief Information Security Officer (CISO) of the City of Marseille since 2017, and Thomas Honette, Data Protection Officer (DPO) of the same city for the past 3.5 years, on their collaboration in cybersecurity and data protection. Their roles focus on securing the information system (CISO) and ensuring compliance with data protection regulations like GDPR (DPO), with both emphasizing the importance of mutual understanding and trust. Key technical details include log retention policies (e.g., proxy logs kept for one year) and incident response timelines (72 hours for DPO notifications under GDPR, 48 hours for CISO under NIS2). They highlight challenges like differing risk interpretations, such as the CISO’s preference for stricter security measures versus the DPO’s focus on data subject rights, though they resolve conflicts through prioritization and proximity. The discussion also covers hierarchical independence—neither reports to the other but both have direct access to senior leadership—and the necessity of technical curiosity for DPOs to avoid being misled by technical teams. Practical advice includes maintaining close communication and avoiding energy-draining disputes over minor disagreements.