Worldline - Registration Document 2016

Corporate and social responsibility report Annex III - Being an ethical and fair good player in business

Data protection employees awareness A.4.1.2.5 pillar, developed a training targeting all Worldline’s employees to knowledge on the matter. Worldline has therefore, as a fourth be sufficiently addressed if its employees lacked awareness and Worldline is convinced that personal data protection would not employees attended mandatory online training programs particular domain of expertise. In 2016, 78% of Worldline trainings to point out the issues employees face in their create general awareness on the topic as well as more specific related to personal data protection. security measures globally. security and facilitate the broad adoption of consistent data was developed to encourage and enhance cardholder data The Payment Card Industry (PCI) Data Security Standard (DSS) As Worldline processes a huge quantity of cardholder data on keep its PCI-DSS certification. audited every year by a Qualified Security Assessor (QSA) to PCI-DSS standard. As a payment services provider, Worldline is behalf of many of their customers, it must comply in full with the PCI-DSS Standard A.4.1.2.6

be summarized as follows: The PCI-DSS standard consists of 12 main requirements that can Build and maintain a secured network; ● Protect cardholder data; ● Maintain a vulnerability management program; ● Implement strong access control measures; ● Regularly monitor and test networks; ● Maintain an information security policy. ● management and updating of many security measures. a review of the security policy and its application, and the Concretely, that means regular security training for employees, e-payment standards such as VISA and 3D Secure. clearing and settlement services are also compliant with major its e-commerce solution (SIPS). Now its acquisition, issuing, Worldline has been PCI-DSS certified for eight years. It began by remain at the forefront of data protection compliance. This is Privacy Impact Assessment has allowed the Atos group to The deployment and use of practical and effective tools such as made by anticipation and integrating both the “accountability” performing 100% of private impact assessments on critical part of its CSR ambition, Worldline decided to engage on and implementation of its systems and services. In addition, as principle and the privacy by design approach in the creation services by 2020. long termondata protection TRUST 2020: Worldline commits on the A.4.1.2.7

A

323

Worldline 2016 Registration Document