GDPR: a journey to compliance
GDPR, a challenge at the heart of digital transformation
Intended to update, strengthen and harmonize the rules on the use of personal data in order to better protect individuals, the General Data Protection Regulation (GDPR) was adopted on April 27th 2016 by the European Parliament.
Starting May 25th 2018, it will apply to all companies with more than 250 employees that process personal data (physical, cultural, social…) regarding European citizens, whether they are customers, suppliers or collaborators.
GDPR introduces new regulations concerning personal data management and protection, and it strengthens consumers’ rights. Furthermore, it requires any personal data breach to be reported to the authorities as soon as possible and, by default, in less than 72 hours. It also gives citizens the possibility to seek legal redress for damages caused by the absence of adequate measures (encryption, anonymization…). Non-compliance penalties can reach 4% of the company’s global annual turnover or 20 million euros. In case of failure, the total bill could be high. All companies are concerned, regardless of their nationality or location, and whether they own, use or simply host the personal data in question.
GDPR also requires the appointment of a Data Protection Officer (DPO), who will be the point of contact for supervisory authorities and will set up the required measures and processes. The company will have to collect the “positive and explicit” consent of the person, erase (right to be forgotten, right to portability) or restore his/her data at his/her request, and assess the impact of any activity or new project in order to implement protective measures from the design stage (privacy by design).
GDPR: a procedure, not a project
GDPR constitutes a considerable upheaval for companies because, besides the organizational processes and security controls to be set up, it requires a dynamic approach.
The challenge is not about being compliant on May 25th 2018, but about remaining so thereafter…
In a perpetually changing environment where data plays a central role, compliance is a major issue for the company and sits at the very heart of its digital transformation. More than a project, being compliant with GDPR is a matter of a global, structured, long-term procedure.
We have developed an end-to-end approach to help organizations assess their current GDPR readiness and identify the organizational and technical changes necessary to implement a GDPR-compliant data management lifecycle.
Our GDPR Solution Brief provides a detailed overview of the GDPR requirements and the Atos approach to GDPR compliance.
Our Bull cybersecurity solutions are essential to protect personal data from unauthorized use and access.
For optimum security without damaging productivity, Bull’s solutions let you restrict access to systems, applications and data to authorized personnel only, according to their job roles within the organization. The Evidian Identity Governance & Administration product suite is a comprehensive, integrated digital identity lifecycle management solution. Evidian software enables you to rationalize your security policies and facilitate access via single sign-on.
Bull is one of Europe’s leading specialists in encryption, protecting the confidentiality of your sensitive data. The Group’s range of Hardware Security Modules (HSMs), including TrustWay Proteccio and crypt2pay, complies with numerous international standards and certifications: Common Criteria, PCI HSM, FIPS, MEPS…
- Data Breach Detection & Notification
With over 14 SOCs (Security Operation Centers) worldwide, Atos is better equipped than ever to protect its customers’ core business from cyber threats, with continuous monitoring of security events, real-time detection of cyberattacks and fast response to neutralize security incidents.