Atos - Registration Document 2016

D Corporate Responsibility

D.4

Ethical excellence inAtos’ sphere of influence

Data Protection D.4.1.2

[G4-16] and [G4-DMA-Customer privacy]

applicable globally. Its top management closely follows such topics, is duly informed and gives orientations on these challenges and opportunities. adoption of new legislation (most notably the European General Data Protection Regulation – the “GDPR”) present new challenges and opportunities for Atos which perceives these evolutions as welcome improvements to the legal regimes Atos’ commitment to the protection of personal data is long-standing and publicly known. The evolutions brought by the compliant business practices will remain unchanged. employees and clients remain strong as well as its involvement and support to legislations and operational tools both offering For these very reasons, Atos’ existing commitments towards its strong levels of protection to individuals but also favoring The first element of proof of this commitment is the dedication of significant resources to the management of this topic. Group LCM department and Group Security, significant resources to the Group Head of Compliance – one of the key executives of the Group Legal, Compliance and Contract Management (“LCM”) department and an 80-member strong Personal Data & Privacy Protection Organization, established in close cooperation by the With a Group Chief Data Protection Officer, who reports directly have been allocated to the management of the topic. This organization, which has been restructured in close cooperation with the Group Security Organization in order to improve its efficiency and the reach of personal data protection policies, practices and tools is a fundamental element in the continued implementation and extension of this strategy. commitments. Atos’ focus is clearly on ensuring compliance with the legal evolutions imposed by new rules and for this it will continue to rely on what has made its strength over the past years, namely strong and innovative policies, procedures, guidelines and

strategy and have proved to be an significantly positive tool not only to justify international transfers of personal data within the Group but also in strengthening Atos’ customers’ trust in the reliability and compliant nature of its services. The Atos Binding Corporate Rules (the “Atos BCR”) and of the Atos Group Data Protection Policy remain at the core of this Training remains another fundamental element, either to the Personal Data & Privacy Protection Organization (which now employees of the Group who are required to complete their mandatory e-learning module on data protection. benefits from an in depth 11-hour training) or to all of the In 2016, 89% of Atos employees completed successfully this Data Protection e-learning [AO3] . Finally the deployment and use of practical and effective tools such as Privacy Impact Assessments both for its own internal projects and for customer projects has allowed Atos to remain at the forefront of data protection compliance, even by anticipation, integrating both the “accountability” principle (through a register services. of processes, etc.) and the data protection or privacy by design approach in the creation and implementation of its systems and The results of these commitments and principles governing Atos’ approach to the protection of personal data generate concrete benefits both for Atos but also for its ecosystem generally. did not receive any complaints regarding breaches for customer privacy [G4-PR8] . Indeed, this commitment continues to incite the Group providers and clients to adopt similar standards of protection of personal data, therefore creating a virtuous circle of compliance. Furthermore and from an operational perspective, in 2016, Atos

D

Atos | Registration Document 2016

89