My data, the keys to trust

8:00am, Arthur finishes his training session and shares his run times with his friends via his smartphone app.
12:30pm, he posts a photo on social media from his cousin’s wedding that took place at the weekend.
7:00pm, he buys a few books online via an e-commerce site.  
A typical day in the digital age, with personal data transmitted across networks without really thinking about what’s being done with it.

However, more and more people are now asking: What happens to the data I post online? Can I protect it, or can anyone help me do so? Can I delete it later on? And so on...

An enlightening study

According to the study on personal data protection carried out by the CSA institute in September 2017, the French think the subject is a priority:

  • 33% have already tried to delete online information about them, rising to 61% among 18-24 year olds!
  • 90% express concern about protecting their data online
  • Best practice is still not widespread: 74% of French people use the same password for all their online accounts

Personal data can be used – so long as it meets regulation – for a variety of purposes, from targeted online ads based on the user’s browsing history to new services that benefit individuals and communities. The e-health sector is just one example where data brings added value. For example, to help diabetics, glucose levels can be measured through connected objects and shared with medical professionals via remote monitoring apps. However, the question still remains: how do you ensure the data remains confidential and used properly?

For a telecommunications provider like Orange, this question is at the heart of our business strategy. Protecting confidentiality and respecting people’s personal lives has always been a central issue.

An "essential" commitment

Orange publishes a data protection charter, which outlines our commitment to our customers’ data protection and personal privacy.

We ensure the security of our products and services throughout their lifecycle as part of our global security policy, which complies with the ISO27001 international information security management standard.

Orange Cyberdefense, a leading cybersecurity provider, helps businesses protect the personal and professional data of their customers and employees.

We have also established a data governance process to ensure the responsible and legitimate management of customer data.

The Group Executive Committee appointed a Data Protection Officer (DPO) at Group level to ensure data protection even before GDPR made it a necessity. In 2017, Orange appointed DPOs throughout its subsidiaries to reinforce governance.

Across all its initiatives, Orange ensures compliance above and beyond current regulation.

GDPR at a glance

This new regulation establishes a framework for protecting personal data and applies to all businesses and organisations (European or not) involved in the collection, processing and sharing of EU citizens’ personal data.

Overall, it aims to increase the accountability of all parties in the use of personal data. It is organised around key principles including:

  • More control for customers: or the right to respect for all citizens for their private and personal data, in particular in terms of their ability to access, restrict and erase it permanently (a major contribution of the GDPR).
  • Transparency: the consent of users must be free from all conditions and collected in an explicitly and unambiguous manner. Individuals must be informed systematically and in advance of their data being processed. s
  • Accountability: any business organisation collecting and processing personal data must make every effort to ensure its security and confidentiality, and must be able to prove its compliance with the obligations set out in the GDPR at all times.

Did you know?

In France, the 1978 freedom of information law set out a series of principles for anyone collecting and processing personal data, in line with today’s GDPR.

  • Purpose and transparency: the data controller must inform the individual about the purpose of processing their data before it is collected
  • Data relevance and minimisation: once the purpose is defined, only data necessary to fulfil this purpose should be collected
  • Storage limitation: data should not be retained any longer then it is necessary to fulfil the purpose (or comply with any legal obligation)
  • Individual’s rights: right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, right to object etc.
  • Security: all appropriate security measures must be taken by the controller to guarantee data security and privacy

Data and trust

To ensure our customers trust us as an operator, we have been committed to these principles for several years, and are proactive in the way we help people use our products and services.

The Group offers a variety of tools to help people control and manage their personal data. For example, we run in-store training programmes to raise awareness and educate customers about data protection.