Orange complies with GDPR, but what does that mean for you?

The GDPR or General Data Protection Regulation essentially unifies the existing regulations of all 28 member states in terms of privacy and data protection. What is so innovative about the GDPR is that companies are responsible for processing the data and non-compliance can lead to hefty fines. The new legislation goes into immediate effect as of 25 May 2018 and as a result, national governments are not required to pass any enabling national legislation.

Jan Leonard, data protection officer at Orange Belgium, confirms that Orange Belgium will be ready when the new legislation takes effect. “Incidentally, this new legislation is the result of the earlier method and the current privacy protection act, as well as the e-privacy legislation on communication data in particular.”

Jan Leonard emphasises that Orange doesn’t consider GDPR a revolution. “It’s a logical and necessary evolution of the protection of personal data and once again highlights the importance of appropriate protection. At the same time it is also an opportunity for us to further upgrade our level of protection”, he concludes.

What does this legislation mean specifically for our customers?
 

1. More control for customers

Customers will have greater control over their personal data. “The procedures used to answer customer questions will be adjusted. For instance, the right to access your personal data or the right to be forgotten”, Jan Leonard explains.

Customers will also be able to transfer their relevant data in a safe and simple way. Moreover, customers will receive more information on the use of personal data and the purposes for processing in case of a so-called opt-in and opt-out.

In layman’s terms: customers can manage their own personal data at all times.

2. Transparency

In addition, Orange will provide its customers with clear information as to the processing of their personal data. “On the Orange Belgium website, every customer will be able to determine which personal data are used for which purposes”, says Jan Leonard. “Amongst others, our website will present the customer with an overview of the location of the data centres used for data processing. Furthermore, an overview of all processing activities will also be available.”

In layman’s terms: customers will have access to all relevant information on their own personal data.

3. Accountability

Orange also takes care to integrate the GDPR legislation into its business processes and operation and documents them when necessary. “For important and high-risk processing procedures we perform a so-called data protection impact assessment (DPIA) based on a detailed risk analysis of the data protection and the potential risk to the customer”, Jan Leonard explain. “We are also reviewing all data processing agreements with suppliers and subcontractors.”

In layman’s terms: Orange is gearing its organisation and operation procedures to conform to the GDPR legislation.

4. Duty to report

And finally, the GDPR legislation also imposes a duty to report data breaches. “These include personal data breaches, breaches of confidentiality, integrity or destruction of data”, Jan Leonard continues. “All these incidents must be reported to the regulator and the fleet manager at the earliest opportunity, and in some cases to the data subjects themselves. The existing procedures have been adjusted accordingly, based on the e-privacy regulations.”

In short, Orange is leaving no stone unturned in terms of GDPR legislation. “By late 2016, Orange Belgium had already made the necessary adjustments to its data protection program and changed its name. For instance, the GDPR programme is comprised of 15 initiatives ranging from how to answer customer questions to the data protection impact assessment”, Jan states. The programme was approved and its progress is being monitored by the board of directors of Orange Belgium.

In layman’s terms: Breaches of the GDPR legislation must be reported and are subject to a fine.


GDPR at Orange: here’s a comparison with the aviation industry:

If you have any questions please contact your account manager or go to this page for more details on the consequences of the GDPR for your business.