D
Corporate Responsibility
D.4
Ethical excellence inAtos’ sphere of influence
Atos
|
Registration Document 2016
89
D
Data Protection
D.4.1.2
[G4-16] and [G4-DMA-Customer privacy]
applicable globally. Its top management closely follows such
topics, is duly informed and gives orientations on these
challenges and opportunities.
adoption of new legislation (most notably the European General
Data Protection Regulation – the “GDPR”) present new
challenges and opportunities for Atos which perceives these
evolutions as welcome improvements to the legal regimes
Atos’ commitment to the protection of personal data is
long-standing and publicly known. The evolutions brought by the
compliant business practices will remain unchanged.
employees and clients remain strong as well as its involvement
and support to legislations and operational tools both offering
For these very reasons, Atos’ existing commitments towards its
strong levels of protection to individuals but also favoring
The first element of proof of this commitment is the dedication of
significant resources to the management of this topic.
Group LCM department and Group Security, significant resources
to the Group Head of Compliance – one of the key executives of
the Group Legal, Compliance and Contract Management (“LCM”)
department and an 80-member strong Personal Data & Privacy
Protection Organization, established in close cooperation by the
With a Group Chief Data Protection Officer, who reports directly
have been allocated to the management of the topic.
improve its efficiency and the reach of personal data protection
policies, practices and tools is a fundamental element in the
continued implementation and extension of this strategy.
This organization, which has been restructured in close
cooperation with the Group Security Organization in order to
commitments.
Atos’ focus is clearly on ensuring compliance with the legal
evolutions imposed by new rules and for this it will continue to
rely on what has made its strength over the past years, namely
strong and innovative policies, procedures, guidelines and
strategy and have proved to be an significantly positive tool not
only to justify international transfers of personal data within the
Group but also in strengthening Atos’ customers’ trust in the
reliability and compliant nature of its services.
The Atos Binding Corporate Rules (the “Atos BCR”) and of the
Atos Group Data Protection Policy remain at the core of this
employees of the Group who are required to complete their
mandatory e-learning module on data protection.
benefits from an in depth 11-hour training) or to all of the
Training remains another fundamental element, either to the
Personal Data & Privacy Protection Organization (which now
In 2016, 89% of Atos employees completed successfully this
Data Protection e-learning
[AO3]
.
Finally the deployment and use of practical and effective tools
such as Privacy Impact Assessments both for its own internal
projects and for customer projects has allowed Atos to remain at
the forefront of data protection compliance, even by anticipation,
integrating both the “accountability” principle (through a register
services.
of processes, etc.) and the data protection or privacy by design
approach in the creation and implementation of its systems and
did not receive any complaints regarding breaches for customer
privacy
[G4-PR8]
.
Indeed, this commitment continues to incite the Group providers
and clients to adopt similar standards of protection of personal
data, therefore creating a virtuous circle of compliance.
Furthermore and from an operational perspective, in 2016, Atos
The results of these commitments and principles governing Atos’
approach to the protection of personal data generate concrete
benefits both for Atos but also for its ecosystem generally.