How does ARIADNEXT ensure full compliance with GDPR during this period ?
The health crisis has forced us to implement teleworking solutions, more often than not in a hurry. From an infrastructure point of view, this does not lead to any particular difficulty, mostly due to the general and gradual shift to cloud applications. However, many questions remain unanswered regarding data, this new intangible asset which for the past few days has been leaving companies and circulating almost freely… A question of governance. Our director Guillaume DESPAGNE answers your questions.
At ARIADNEXT, our customers’ data is continuously being processed on our Data center’s servers and there is no reason for it to end up on our employees’ workstations.
Only test data may circulate with the agreement of our customers. Nevertheless, given that the data we handle is sensitive, the following measures are in place:
- Teleworking has been in place at ARIADNEXT for more than a year and we already have a well-established process for that purpose.
- Our employees’ hard disks are encrypted.
- Personal computers are not allowed to connect remotely.
- The connections between our employees’ workstations and our work servers are encrypted by a VPN administered by us.
- Each employee only has access to the servers and data that are strictly necessary for their mission.
- The usual security instructions keep on applying: the work session is locked in case of absence from the workstation.
The human factor is a much bigger risk factor than the techniques that have been put in place and which are well established. But again, whether it be at home or at work, an employee who would intend to commit a malicious act would have a hard time trying. Indeed, all our servers are encrypted. ARIADNEXT does not store any data unless requested by a customer. The data transits through our severs and is deleted in a matter of seconds. Moreover, given our activities, all of our recruitments are based on a notion of trust. There is no reason for the health crisis to turn our employees malicious.
Moreover, the idea that humans are the biggest risk factor also applies under normal working condition, as demonstrated by numerous data leaks scandals.
Our end-users’ data is not accessible from our employees’ workstations and only transits through the production servers.
Sensitive nominative information (images of identity documents, extracted data and checks carried out) are erased at the end of the processing, i.e. after a maximum of 12 seconds.
At ARIADNEXT we use our own servers, hosted on our own premises.
Even though many of our customers are now using the cloud, we guarantee that all data transiting through our servers and that should, at one point or another and at their request, be stored by ARIADNEXT will be stored on our data center with our own technologies, which have been validated by ANSSI (the French Agency for Information Systems Security) and which are audited on average twice a year. We attach a great deal of importance to security and we know that certain persons have made a different choice. At ARIADNEXT, an IT team is dedicated to this topic and takes care of it scrupulously.