The GDPR* came into force on 25 May 2018, requiring compliance on the part of businesses. The ALIPA Group is putting in place concrete measures! Interview with Fabienne Annet, Administrative Officer, in charge of the ALIPA Group’s compliance processes.

Q. Data protection legislation already exists. So why GDPR?

Fabienne Annet. “In the face of technological changes, such as the increased amount of personal data being generated and its resulting use, there is a growing need to improve personal data protection. As such, the purpose of GDPR is to standardise European regulations, make businesses more accountable and strengthen people’s rights.

Q. What steps are being taken within the ALIPA Group to comply with GDPR?

F.A. “We are following the plan proposed by the CNPD (Commission nationale pour la protection des données [National Commission for Data Protection]). After an information gathering and training phase, we identified our personal data processes. We are now in the risk analysis stage. We had a CASES diagnosis conducted to assess our systems’ level of security. We are obviously going to rely on their recommendations and also review internal processes, while remembering to properly document our compliance!

Q. In concrete terms, what measures are being implemented?

F.A. “Concrete tasks involve, for instance, drawing up our Information Security Policy and a statement of commitment from our contractors, who are also subject to GDPR. Finally, we strongly emphasize the importance of awareness among all staff across the ALIPA Group.

*General Data Protection Regulation written in full. The regulation applies to all European-Union-based businesses that are involved in gathering, processing and storing personal data, and those outside the EU if they target EU residents. Businesses are required to put in place new measures to ensure regularity when it comes to processing personal data.