Guaranteeing data protection as activities become more digitalized
The risk connected with the failure to protect personal data concerns all the Group’s companies and is particularly high for divisions whose activities involve physical persons. Specific measures have been rolled out at Bolloré Logistics to reduce the impact of this risk. The company believes that the global deployment of a digital strategy must reconcile economic objectives and respect for the fundamental rights of individuals, including the right to personal data protection and privacy. The strengthening of the legal provisions (namely the European regulation on personal data protection, “GDPR”, which came into force on May 25, 2018), the growing digitalization of activities and the services offered require systems that provide end users with secure processing of their personal data, as well as confidentiality.
In response to this major challenge, the Bolloré Group has set up a Steering Committee dedicated to GDPR and data protection in general, focusing on:
• The strengthening of individual rights around personal data;
• The security measures around data processing;
• The distribution of roles and responsibilities between the various companies that process this data.
This Steering Committee consists of Data Protection Officers (DPOs) appointed within the Group as well as the GDPR officers (lawyers and representatives of information systems, human resources, purchasing, etc.) and meets regularly to assess the actions being taken and to determine the next stages of deployment.
At Bolloré Transport and Logistics, the Steering Committee is tasked, for each business unit, including Bolloré Logistics, with:
• rolling out internal procedures (processing register, impact analysis procedure, security incident management procedure, etc.) and tools to ensure that data protection is taken into account;
• defining the actions/action plans to reduce the risks incurred by the physical persons identified by the personal data processing mapping;
• training employees on these duties.
In late 2018, employees from the Bolloré Transport & Logistics division, including employees from the Bolloré Logistics business unit, were educated on personal data processing by the Human Resources Directors (for all divisions). An impact analysis of service providers in charge of managing sensitive employee data is underway in order to roll out suitable action plans depending on the risks identified. A process was formalized and the officers to contact were identified and trained to respond on time. For any new contract or during a contract renewal, personal data protection aspects are routinely included. Protecting the personal data and privacy of employees is subject to an internal control process at Bolloré Logistics. Finally, whenever an internal application is created, specifications have been drawn up to ensure that each new IT solution complies with the regulations.
In mid-2019, the employees of the Bolloré Group’s French companies were also able to follow an online training module on personal data protection. 81% of Bolloré Logistics employees in the European scope successfully completed the training. This module was supplemented with awareness-raising sessions tailored to the particularities of the business lines, led in-person with employees by the DPOs in the various divisions. They also carried out information campaigns among their employees on how their personal data is processed. Simultaneously, the GDPR officers in the Human Resources Departments of the French and European entities were trained on the provisions of the European personal data protection regulation and have access to a collaborative platform comprising the various documents and procedures required to bring the entities into compliance.
Finally, the information system security management system (ISMS) used in the Group, which manages security in all of its subsidiaries worldwide, is based on the ISO 27001:2013 standard. In accordance with its Personal Data Charter published on its website, Bolloré Logistics only collects the personal data it needs to conduct its business, namely to comply with legal obligations and for legitimate interests. The company does not authorize any subsequent processing of this data. Bolloré Logistics has a specific email address for all employees and all third parties with requests about the type of personal data the company collects, how the company processes it and how they may exercise their rights in accordance with applicable law.