“Countdown to ensure compliance with GDPR”
Amstelveen, 1 February 2016
Atos provides approach to ensure privacy and security of data
Atos, an international leader in digital services, takes the lead in offering a transparent approach about how consumers' privacy is respected. Facilitating a unified approach to privacy in Europe, the Global Data Protection Regulation (GDPR)* is now close to being formally adopted in Europe. Compliance initiatives are governed by the board of directors and awareness and controls must be integrated in the DNA of the entire business, catalyzing behavior change among employees.
In the data protection landscape, a structured approach to information security is crucial. Protecting data by establishing and continuously measuring the level of information security is what Atos has done across all its Service Lines with its Information Security Management System. Atos in Benelux & The Nordics decided to unify this approach and acquire ISO27001 certification for all service lines and countries in the Benelux & The Nordics, and obtained the certification at the end of 2015. The harmonized Information Security Management System is now an important part of the governance landscape Atos has implemented to protect personal and business data.
Patrick Nolan, Senior Vice President & Chief Operations Officer at Atos in Benelux & The Nordics explains:
“Privacy is something that our customers and consumers care about. Organizations must have a complete picture of the data in their custody to be able to protect personal data and demonstrate compliance to clients, consumers and business partners. Data Protection is at the core of our compliance strategy and we provide operational and technical tools and support to ensure Atos stays ahead of market demands. We do the maximum to protect personal data and at the same time drive innovation”.
With rights come business responsibilities
- An organization must have implemented extensive, adequate measures to sufficiently protect personal information it is allowed, or instructed, to process. Data Breaches will need to be reported to data protection authorities as soon as they are detected. A Data Protection Officer must be appointed and interface with the supervising authorities.
- Failure to adequately protect personal data and comply with the GDPR could result in a fine of up to 5 per cent of the company's worldwide annual turnover.
- License to operate – it is an employee's mandate to be compliant especially when handling sensitive citizen data, so it's important to embed processes now as a daily occurrence.
Five steps to be ready for GDPR:
- Understanding Data Governance – before you embark on a compliance project it's important to have quality data to hand so you can understand the source of the data, which system or application it is held in and whether the information is accurate and complete. If third parties are involved, ensure contractual agreements are in place about the storage, use and ownership of this data.
- Design a Gap Analysis – organizations will already have a series of controls in place around privacy. However, when a new piece of legislation comes into force such as GDPR, it's important to assess which controls will suffice to meet the legislation and ascertain where the controls need to be expanded or improved.
- Design and implement Controls – once you've identified the weaknesses in your compliance process, for instance they could exist in your HR or finance department, you need to design and implement new controls to stem these gaps.
- Install Encryption Packages – this will help to ensure the secure storage or transfer of individuals' data whether it relates to a client, supplier or employee. There is still a potential privacy risk if an individual uses that data for a purpose that was unauthorized.
- Proving Compliance and Traceability of Information – it's important to have all the data in place for all the questions compliance auditors may have. It is worth considering using a third party to play a quality assurance role before the auditors arrive to advise on any required preparation activity. We're helping global firms prove they are compliant, backed up by accurate and complete information.
Abbas Shahim, Governance Risk & Compliance, partner at Atos Consulting concludes: “Given the criticality of data protection compliance it's important that not just technology processes are considered but also its integration with business processes and the information provision around it. Besides, it is obvious these days that poor cybersecurity is a threat to privacy. Atos applies a multi-disciplinary approach towards privacy analysis and impact, that is within its organization and that can help other organizations to stay on the right track of the forthcoming GDPR regulation”.
You are as strong as your weakest link
*The GDPR is a single law, applicable to all EU member states, and aims to build trust within the region and align data protection with new technological developments like big data, cloud, social and mobile. The GDPR applies to any organization processing personal data of EU residents – even if they are based outside of the European Union. Personal data is basically everything about a person ranging from a name or email address to a photo posted on a social media site, whereas sensitive data such as medical records or financial details warrant a careful approach in particular. Implementing and maintaining an Information Security Management System (ISO27001) provides a significant contribution to protect data.
Atos SE (Societas Europaea) is a leader in digital services with pro forma annual revenue of circa EUR 12 billion and circa 100,000 employees in 72 countries. Serving a global client base, the Group provides Consulting & Systems Integration services, Managed Services & BPO, Cloud operations, Big Data & Cyber-security solutions, as well as transactional services through Worldline, the European leader in the payments and transactional services industry. With its deep technology expertise and industry knowledge, the Group works with clients across different business sectors: Defense, Financial Services, Health, Manufacturing, Media, Utilities, Public sector, Retail, Telecommunications, and Transportation. Atos is focused on business technology that powers progress and helps organizations to create their firm of the future. The Group is the Worldwide Information Technology Partner for the Olympic & Paralympic Games and is listed on the Euronext Paris market. Atos operates under the brands Atos, Atos Consulting, Atos Worldgrid, Bull, Canopy, Unify and Worldline.
For more information, please contact:
Jose de Vries
+31 6 30 27 26 11