GDPR - get onboard

Nicolas Morel

April 24, 2018

Time to get onboard with ALE, where privacy is designed into the product.

So here we are, on the eve of the European Union’s (EU) compliancy deadline of the General Data Protect Regulation, more commonly referred to as GDPR. And, for anyone who doesn’t know, May 25, 2018 is the actual date that should be circled on your calendar.

The question is, what does GDPR really mean to you and your business? Well, quite frankly, everything–and that’s not overstating it. A PwC survey indicated that, while GDPR is an EU initiative, 92 percent of U.S. companies consider it a top data protection priority.¹

In a nut shell, GDPR will impact the personally identifiable information (PII) of every EU citizen, and that includes everything from names and email addresses, to IP addresses and cookie data. It will touch every business that interacts with EU businesses including third-party interactions. In essence, GDPR will impact every transaction that occurs within the EU—so that’s all.

Now, don’t push the panic button just yet. Many organizations have been working toward the May 25th date since it was adopted by the European Parliament in April 2016. One approach to address GDPR requirements, which has been adopted by some companies, harkens back to the 1990’s. The concept of ‘privacy by design’, a keystone element in systems engineering that promotes the idea, ‘it’s not about protecting data, but rather about designing so that data doesn’t require protection’. Good idea, right?

As we get closer to the impending red-letter day, response to GDPR compliance seems to be shaking out into three categories. Some companies are scrambling, just hoping that they don’t get into trouble before they are compliant; some have already pulled the blankets up over their heads and called it a day; and others are sitting back, with a ‘bring it on attitude’, confident that they are prepared for the paradigm shift.

At this point you’re probably saying, ‘I wonder which of those categories, ALE fits into’. Well, the good news it’s the last one.

We believe that privacy needs to be built-in not bolted-on. ALE is one of the companies that adopted the ‘privacy by design’ principles early on. In addition, we provide in-house workshops to guarantee that everyone is on the same page when it comes to ensuring that domain awareness is incorporated into our designs. We also conduct impact analysis with key checkpoints in which our Data Protection Officer—that’s right, we have a DPO—participates. We understand that good design is integral to ensuring data privacy.

From time to time, the GDPR team invites organizations to demonstrate e-security solutions that have been successfully implemented in the prevention of data leakage. One such example is our Alcatel-Lucent Rainbow, an application that provides collaboration within a company, as well as extending collaboration capabilities to external clients. It was developed based on the ‘privacy by design’ principles, and in parallel with GDPR requirements.

Our customers expect us to support their ability to achieve compliance when they use our products and services.  But what happens if the unthinkable occurs and there is a data breach? According to the GDPR requirements, companies must be in a position to notify affected individuals within 72 hours. This means you better know where your data is, and you better have a plan.

While one of the privacy challenges of a collaboration tool is identifying data in real-time collaboration flows. The Rainbow data dictionary (data model) makes it possible to know exactly which fields and procedures make use of personal data. With Rainbow, we also know that our hosting provider’s equipment is physically secure and that logical access is protected. In addition, we provide proof that we are implementing the most advanced security measures to protect our customers’ data. This allows customers to integrate these measures into their own security policies.

We know that design is key to maintain the confidentiality and anonymity of users, and to ensure that data fields are not exposed to unauthorized analyses. And, most importantly that the confidentiality rights of our users are not compromised.

Isn’t it time to get onboard with ALE, where privacy is designed into the product, and you have the tools you need in your GDPR compliance backpack at all times? Learn more in this whitepaper "Privacy by Design".

[1] https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html