The May implementation date for the GDPR marked an important milestone in our partnership. It is a project we have been working on jointly for several months, to ensure compliance both for Schneider Electric and for Capgemini in the role of data processor for a range of Schneider processes and projects.
We have taken a highly pragmatic and positive approach to GDPR, recognizing both that the May 25 implementation date was far from the end of the story and that there is great value to be unlocked from GDPR both for the consumer and for your business. And our efforts have already been acknowledged. Nelson Hall named Capgemini a Leader in their GDPR NEAT evaluation based on our “ability to deliver immediate benefit” and our “ability to meet future client requirements.”
In the past months, we have worked closely to make sure Schneider Electric-Capgemini contracts take full account of the GDPR requirements, that the necessary registers are in place, and that both organizations are crystal clear about where responsibilities lie.
This process has been tremendously helpful in building confidence and trust between critical stakeholders in Schneider Electric, such as your recently appointed Chief Data Officer and Chief Information Security Officer, and those at Capgemini.
The joint workshop we held in April at The Hive was one, highly productive, example of this process. We explored and agreed on the absolute importance of unifying our approach from a business process, digital transformation, data management, and cybersecurity perspective – this is the only way to deal with the demands of the GDPR effectively.
Meanwhile, on the ground, we have been partnering with Schneider Electric in key areas related to GDPR compliance. The first is in accelerating the process of creating consistently compliant control processes between Schneider, as data controller, and third parties as data processors.
The second, and probably widest-ranging area of cooperation is in data governance. In this we plan to leverage our close partnerships with Microsoft and Informatica to help Schneider Electric architect GDPR solutions for data discovery, lineage, and security.
A little further in the future, we see opportunities to grow our contributions to Schneider Electric’s highly strategic connected offers. For example, we are able to help overcome data security risks that threatened to delay the launch of one offer.
Another area we see great potential for cooperating is in cybersecurity for your digital factories, as well as security for the Schneider Electric customers who buy components to be used in the energy industry. Security and Privacy are at the core of these digital initiatives.
Capgemini’s entire approach to the GDPR has been to acknowledge the challenges of compliance, but also to recognize the opportunities it presents. Of the topics covered in this brief article, control for interaction with third parties and data governance draw on our compliance expertise, while the skills we bring to connected offers and digital factory data privacy and security concentrate on adding value to your business.
We look forward to continuing the journey.
Pierre-Luc Refalo, Cybersecurity Strategic Consulting & GDPR Services Global Lead at Sogeti, Capgemini Group