Meeting international data protection standards



Data protection

Sophie Nerbonne

Director of Economic Co-Regulation at the independent French data protection authority (CNIL)

After coming into force in May 2018, the General Data Protection Regulation (GDPR) has realised one of Europe’s major political ambitions to restore its economic sovereignty in data protection. This robust piece of legislation, which requires that companies and organisations follow specific rules when collecting, storing and using data, should not only be seen as a regulatory limitation. Of course, breaking GDPR rules can result in fines of up to 4% of a company’s worldwide consolidated revenue.

But that does not change the fact that these rules are first and foremost an asset for all businesses involved in their own digital transition. They are a source of trust for customers, employees and the entire digital landscape — partners, subcontractors, suppliers — and more. They also offer a layer of legal protection and stability in an uncertain and changing environment that is continuously disrupted by technological progress. These rules form the foundation for corporate strategies on responsible innovation and sustainable development. As a regulatory authority, the CNIL drives this movement to innovate responsibly by raising companies’ awareness of the importance of data protection and how to best unlock the immense competitive potential this data represents. Of course, the CNIL cannot carry out this task to support all companies alone.

That is why we have rolled out a “network leaders” strategy that brings together non profit organisations and professional associations, as well as industrial groups, to work to improve data protection practices within their fields. Thanks to its leading role, Orange, like all large companies, can play the role of “network leader” for its subsidiaries, subcontractors and suppliers, both in France and internationally. One of the major data protection challenges for the future is establishing international standards, and GDPR could be the model for this.

David Kaye

Safeguarding human rights in the age of AI