95th Tech Day: "General Data Protection Regulation (GDPR) at Altice Labs"

95th Tech Day: “General Data Protection Regulation (GDPR) at Altice Labs”

Altice Labs held the 95^th Tech Day on the 18^th May, under the theme “General Data Protection Regulation (GDPR) at Altice Labs”.

In the first presentation, Nuno Seixas, from the Technological Coordination department, reviewed the main aspects of the Regulation, reminding that it aims to reinforce the rights of european citizens with respect to their privacy, to restore trust in online activities and better protection of consumer data by requiring companies to adopt new measures and controls to that end. Nuno Seixas also pointed out the need for a legal basis for the collection of personal data, obtaining the consent of the data owners and the need to provide means of consultation, correction, deletion, oblivion and withdrawal of consent to the owners of the data collected.

The following presentation, by Paula Cravo, from the Technological Coordination department, served to summarize the ongoing work at Altice Labs for compliance with the GDPR. It was made clear, during the presentation, that this work began with the identification of not only the most critical products and services (the classification criteria being the type of service provided, the volume of data and the countries where they are installed) as well as an ongoing survey of Altice Labs’ products and services that are part of the commercial portfolio in order to start the Privacy Impact Assessment (PIA).

In turn, Isilda Costa, from the Regulation, Competition and Juridical department, during her intervention, contextualized Altice Labs as a provider of solutions and services, namely in the role of data controller and data processor. In this context, it was emphasized the need to regulate through a written contract the relationship of subcontracting (back to back) as the Regulation imposes equal obligations and responsibilities to all stakeholders. It was also discussed the impact of the GDPR on the contractual relationship with outsourcing companies, since they have the same obligations regarding data protection as those established in the contract with the controller. Finally, the use of personal data in the context of research projects, namely the P2020 and H2020 projects, as well as other private scientific research projects was also addressed.

To conclude this Tech Day, Mário Moreira, from the Technological Coordination department, presented a technical approach aimed at compliance with the GDPR. This approach results from the analysis of a set of cross-cutting issues for the various development teams that have already been identified during the PIA of several products and services. During his presentation, Mário Moreira stressed that this is a work in progress that will impact not only the tools and technologies adopted as well as the Altice Labs’ Systems Development Process itself, reflected in particular in the procedures that will be followed by technical teams supporting customer or production environments, and aiming to create evidences of access control to personal information for auditing, records of such access and revocation of access permissions.

The crowded room has contributed to the dynamism of this Tech Day, with the audience asking questions and intervening frequently.