D

Corporate Responsibility

D.4

Ethical excellence inAtos’ sphere of influence

Atos

|

Registration Document 2016

89

D

Data Protection

D.4.1.2

[G4-16] and [G4-DMA-Customer privacy]

applicable globally. Its top management closely follows such

topics, is duly informed and gives orientations on these

challenges and opportunities.

adoption of new legislation (most notably the European General

Data Protection Regulation – the “GDPR”) present new

challenges and opportunities for Atos which perceives these

evolutions as welcome improvements to the legal regimes

Atos’ commitment to the protection of personal data is

long-standing and publicly known. The evolutions brought by the

compliant business practices will remain unchanged.

employees and clients remain strong as well as its involvement

and support to legislations and operational tools both offering

For these very reasons, Atos’ existing commitments towards its

strong levels of protection to individuals but also favoring

The first element of proof of this commitment is the dedication of

significant resources to the management of this topic.

Group LCM department and Group Security, significant resources

to the Group Head of Compliance – one of the key executives of

the Group Legal, Compliance and Contract Management (“LCM”)

department and an 80-member strong Personal Data & Privacy

Protection Organization, established in close cooperation by the

With a Group Chief Data Protection Officer, who reports directly

have been allocated to the management of the topic.

improve its efficiency and the reach of personal data protection

policies, practices and tools is a fundamental element in the

continued implementation and extension of this strategy.

This organization, which has been restructured in close

cooperation with the Group Security Organization in order to

commitments.

Atos’ focus is clearly on ensuring compliance with the legal

evolutions imposed by new rules and for this it will continue to

rely on what has made its strength over the past years, namely

strong and innovative policies, procedures, guidelines and

strategy and have proved to be an significantly positive tool not

only to justify international transfers of personal data within the

Group but also in strengthening Atos’ customers’ trust in the

reliability and compliant nature of its services.

The Atos Binding Corporate Rules (the “Atos BCR”) and of the

Atos Group Data Protection Policy remain at the core of this

employees of the Group who are required to complete their

mandatory e-learning module on data protection.

benefits from an in depth 11-hour training) or to all of the

Training remains another fundamental element, either to the

Personal Data & Privacy Protection Organization (which now

In 2016, 89% of Atos employees completed successfully this

Data Protection e-learning

[AO3]

.

Finally the deployment and use of practical and effective tools

such as Privacy Impact Assessments both for its own internal

projects and for customer projects has allowed Atos to remain at

the forefront of data protection compliance, even by anticipation,

integrating both the “accountability” principle (through a register

services.

of processes, etc.) and the data protection or privacy by design

approach in the creation and implementation of its systems and

did not receive any complaints regarding breaches for customer

privacy

[G4-PR8]

.

Indeed, this commitment continues to incite the Group providers

and clients to adopt similar standards of protection of personal

data, therefore creating a virtuous circle of compliance.

Furthermore and from an operational perspective, in 2016, Atos

The results of these commitments and principles governing Atos’

approach to the protection of personal data generate concrete

benefits both for Atos but also for its ecosystem generally.