With the entry into force of the GDPR (General Data Protection Regulation), Open and its subsidiaries (hereafter “Open”) wish to inform you of the actions taken in order to comply with the new regulations for processing the personal data of its clients and employees.
As a reminder, the aim of European Regulation 2016/679 of 27 April 2016, known as “GDPR,” is to harmonise and reinforce European legislation related to the storage, processing and circulation of the personal data of natural persons. It applies to all companies established within the European Union that collect, process and store personal data whose use may directly or indirectly identify a person, as well as to their technological partners and software providers. It also concerns companies located outside of the EU that offer goods and services or that collect data related to European citizens. The Regulation will come into force on 25 May 2018.
Open has always attached importance to the processing and circulation of both its clients’ and employees’ personal data. In 2015, Open appointed a Data Protection Officer (DPO) responsible for independently overseeing the internal application of personal data protection principles for employees, clients or applicants. Since May 2017, Open has been rolling out the GDPR project under the joint responsibility of the DPO and the Chief Information Security Officer (CISO), who have, in particular, undertaken the following work:
- A mapping of the company’s internal and external personal data. This mapping has confirmed that our processing does not concern the particular categories of data under Article 9 of the GDPR, but rather “non-sensitive” personal data (name, first name, e-mail, telephone, position).
- The finalisation (ongoing) of a single registry of personal data and processing.
- Ongoing Data Privacy Impact Assessments (DPIA).
- Regular awareness-raising communication to all employees regarding information system security measures. GDPR-dedicated communications are being rolled out.
- New processes have been put in place so as to guarantee personal data protection; different committees will ensure compliance with these processes.
Finally, please rest assured that Open is committed to a continuous approach to securing its information system by guaranteeing the protection of the personal data of its clients and employees, and to doing this in particular through its recent ISO 27001 certification.