The Cigref, The AFAI and Tech In france in their reports” Personal Data and Information Systems ” identified 3 main phases for implementing compliance with the General Data Protection Regulation (RGPD). The first and most important step is to identify uses, The treatments and the systems involved in the management of personal data.
Discover how, through 3 concrete customer cases, Simplicité, thanks to its ability to model the information system, quickly responds to this challenge of mandatory control of the life cycle of personal data.
Customized RGPD reference
The legal department of Amadeus, aware of the challenges associated with the implementation of the RGPD on May 25, 2018, wanted to entrust the Architecture and Innovation Unit of the DSI to carry out a study in order to implement a solution ensuring the management and management of personal data.
A POC (Proof of Concept) was therefore hired with Simplicité which made it possible to model the entire IS and thus to monitor the use and exploitation of personal data.
Information system mapping
ItsMalstom chose Simplicité to map its entire information system according to the Open Group “TOGAF®” model (applications, functions, servers, flows). A real tool for knowledge and control of the IS, the Simplicité application has in particular allowed the separation of energy and transport activities following the acquisition of the energy branch by General Electric.
Thanks to its high scalability, Alstom wanted to expand the scope of the application by processing software asset management (SAM) and personal data (RGPD). The project generated more than 20 million euros in savings in 3 years.
Knowledge of the IS
Cartography, ITSM, SAM, RGPDThe Renault Group Architecture and Innovation Department uses Simplicité as a unique tool for global control of its Information System.
A central point of IS knowledge, Simplicité made it possible to cover a scope extended to the management and management of IT assets (ITSM), licenses (Software Asset Management — SAM), and of course personal data (RGPD).
The GDPR is a European regulation that applies to the processing of personal data. That is, any information that constitutes personal data, any information that relates to an identified or identifiable natural person.
This new regulation obliges data controllers as well as subcontractors.
The RGPD applies throughout European territory. Note: The regulation also applies to all organizations that are not established in the European Union, but which target persons residing in the European Union.
↪ From May 25, 2018, Businesses affected by the GDPR must be up to date with the regulation in place.
↪ Sanctions may reach 4% of global annual turnover of the organization in question or 20 million euros.
Right to rectification and right to be forgotten
Approval of the individual concerned
Limitation of the purposes of data use
Limiting retention, maintaining integrity and confidentiality
Appointment of a Data Protection Officer (DPO)
Simplicité is a Low-Code platform that allows you to create custom applications. Oriented to configuration, the platform offers you the possibility to simply and graphically model your Information System and thus to comply with the new data protection regulations.
To find out more, do not hesitate to contact us via the form, we will be happy to see together how Simplicité will help you in your compliance with the RGPD.