Compliance with the General Data Protection Regulation (GDPR) has been one of your major projects over the past two years.
What are the main GDPR challenges specific to your business?
Pamela Bobillier : Founded in 2008, Altea Energy is a specialist in technical assistance in the field of Energy and supports all players in the oil and gas, renewable energies and infrastructure sectors. Drawing on its experience on more than 300 projects around the world, Altea Energy has recruited and mobilized thousands of qualified experts on its customers’ sites, particularly in Africa and Middle East. As such, we manage the personal data of the consultants we place on a daily basis, in an international context where regulations vary from one country to another. We are therefore committed to protecting their data, which is a considerable asset for the company.
Beyond the legal obligation to be in compliance with this European regulation, the challenge for us is to live up to the trust of our clients and our consultants, by ensuring transparent management and protecting their personal data.
Can you tell us more about the type of personal data you process at Altea Energy?
P.B : We mainly process the personal data of our consultants, but also of our employees, our prospects / customers and our website visitors.
For our consultants and employees, the data we protect are about :
- their professional life (CV, professional situation, training, diplomas, training certificates, etc.) as part of the recruitment process,
- their identification (marital status, address, phone, email, etc.) to establish their employment contract or mission contract as well as immigration papers,
- their economic and financial situation (RIB, bank details) in order to ensure the payment of their remuneration,
- their personal life (family situation, measurements, etc.) to establish insurance needs and the mobilization of consultants (PPE in particular).
The data processing of our clients and prospects in our CRM is also subject to the GDPR, as are those of visitors to our website, filling in contact or application forms.
What process do you have in place to protect personal data?
P.B : For our compliance, we called on an external DPO (DPO Spring : www.dpo-spring.com) to guide us on the legal aspects of the regulations. For the implementation, we worked on Data Legal Drive application (www.datalegaldrive.com), a platform dedicated to GDPR project management on which we established our data management register, piloted project actions and prepared the necessary documentation for our compliance. We also monitor requests for the exercise of rights from data holders.
GDPR is now part of all our operational processes and impacts all departments of the company: Sales, Recruitment, Mobilization, Admin & Finance, Legal, HR, IT and Marketing & Coms.
The protection of personal data is more than complying with current regulations. It is a natural continuity of the values and the CSR strategy that we have been advocating and applying at Altea Energy for more than 10 years, based on reliability, safety and quality of service to both our consultants and our customers.