Cybersecurity and in particular the protection of personal data are major challenges for a group the size of ENGIE at the heart of the energy transition and the digital revolution.
Cybersecurity concerns the IT security of individuals, tangible and intangible IT assets and organizations. This has become a crucial issue for the company and its stakeholders.
Cybersecurity
A number of systems are in place to counter the risk of a cyberattack or fraud:
- A cyber security monitoring centre keeps a constant eye on our networks and critical infrastructure. It includes monitoring of security patches
- User awareness campaigns
- Regular testing of the security systems in place, including tests against hacking and phishing, and crisis management testing
- Monitoring online attacks and fraud
- Additional special actions are taken according to cybersecurity regulations, like Europe’s Directive Network and Information Security (NIS)
- For some service parameters, certifications covering cybersecurity have either been obtained or are being worked towards (ISO, SOC2)
ENGIE also has cyber insurance.
All of these systems are regularly updated to adapt to new cyberattacks.
Below are links to the ENGIE Insight (United States) website on Security and Compliance, the site of the Agence Nationale de la Sécurité des Systèmes d'Information or ANSSI (France) and the site of the National CyberSecurity Centre or NCSC (United Kingdom): Personal data protection
- Security & compliance at ENGIE Insight to USA (ex-Ecova - SOC2 certification)
- Agence National CyberSecurity Centre (NCSC) in UK for Cyber essentials
Protection of personal data
The requirements of the European Regulation regarding Personal Data Protection (EU 2016/679) increased companies’ obligations when processing personal data (whether it’s from their employees, their clients, their partners, ...). These new obligations lead ENGIE to update its Group data privacy policy and to bring its data processes to compliance.
Binding Corporate Rules
ENGIE handles personal data, including those related to its employees as part of human resources management. Aware of the sensitivity of these data, the Group has set up Binding Corporate Rules (BCR) to ensure their protection in case of transfer outside the European Union. With these BCR, approved by all European data protection authorities, ENGIE joined the circle of companies that pay particular attention to the protection of personal data.
Contacts
For any questions regarding the protection of personal data, please contact ENGIE through its GDPR Portal.