Exclusive Networks // Sustainability Report 2022
Ethics, fair practices, compliance and security Data protection
To ensure that employees understand and take into account security measures, and thus measure the effectiveness of training, the CISO also carries out cyber attack simulation campaigns, for example on phishing*:
[Figure: Phishing campaigns. Series: Clicked, Reported. Campaigns: Halloween (Oct-21), Valentine (Feb-22), Summer (Jul-22), DocSign (Nov-22).]
* For confidentiality reasons, the figures are not representative
Certification projects
Trusted Introducer Service (TI) was created by the European Computer Emergency Response Team (CERT) community in 2000, to meet common needs and to establish a service infrastructure providing essential support to all computer security and incident response teams. The TI certification is intended for teams responsible for security, response and handling of security incidents within their organisation. It provides an independent assessment of their level of maturity and is a mark of trust recognised by stakeholders. To maintain this level of standard over time, a re-certification is required every three years. The Trusted Introducer process has four category levels: listed, accredited, certified and associate. Already recognised at the “accreditation” level, the GSOC department has started the process to reach the “certification” level.
6.5 Data protection
The Group collects and processes personal data primarily for two purposes: as an employer, to comply with its legal obligations and to implement skills development policies (see Chapter 4.5); in the course of its activities, for the marketing of its products and services. In this respect, the Group is subject to international regulations such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, the General Data Protection Regulation (GDPR), as well as to local legislation applicable in the countries in which it operates, including the Data Protection Act 2018 for the UK (non-exhaustive list).
In order to respect the right to protection of personal data and privacy, the Group has set up an organisation that reports to the Group General Counsel & Group Compliance Officer, comprising: the Group Data Protection Officer, in charge of advising and supporting the company to ensure compliance of processing, and promoting the principles and rules of personal data protection to all employees; the team of Legal Counsels, in charge of ensuring that the applicable legislation on the protection of personal data is properly taken into account in contracts; a specialised consultancy firm, providing support on various subjects and in particular on the consideration of local regulations outside Europe.
The objectives of this organisation are to: establish policies and procedures relating to the protection of personal data; provide operational staff with analysis and decision-making tools, as well as standard contractual clauses; ensure the presence and compliance of clauses relating to the confidentiality of personal data in contracts, whether with vendors, customers or service providers of the Group; ensure that the data collected is minimised and that the principle of “Privacy by Design” is taken into account at the design stage of a system involving the processing of personal data; respond to requests from any person wishing to exercise their right to access, rectify, oppose or delete data, whether an employee or a third party; design and deliver the employee awareness programme; ensure regulatory intelligence.
In 2022, the Group rolled out an e-learning personal data awareness programme for all staff with two training modules. This process will continue in 2023, with the implementation of new sessions.