[Narrator] Can you introduce yourself?
[Romain Alberca] Hi, I'm Romain Alberca and I'm deputy CISO at ARCAD Software, as well as Solution Architect on the DOT Anonymizer project.
[Nar.] Why is data anonymization so important for businesses?
[R.A.] Data anonymization is a very important element for a company, as it involves protecting the data of our customers and our internal staff. Anonymization is the best way to achieve this, because we modify the data. We alter it so that it can no longer be used later. That's why it's so important, especially as it also helps to avoid sanctions.
[Nar.] Why is it important to develop cybersecurity awareness within your company?
[R.A.] Raising awareness of cybersecurity is extremely important, because it's one of the major risks facing companies today. We're seeing more and more cyber-attacks destroying a company, altering all data and the entire manufacturing process, like a machine jam. That's why we consider this to be so crucial. We're going to be able to protect the company and its future by raising awareness among users, because this is a company's main vulnerability.
[Nar.] What has the advent of the GDPR changed for companies in terms of data protection?
[R.A.] The advent of the GDPR has brought a new awareness to these subjects. We're going to have to protect all users and all people individually. And in fact, the GDPR has really brought a European citizen dimension. In other words, even in an American company, a European citizen must see their rights applied. It's a law that has an impact on the whole world, and no longer just in France like the Loi Informatique et Libertés.
[Nar.] What is the danger for companies in the event of non-compliance with the GDPR?
[R.A.] The danger is that in the event of non-compliance, you're obliged to declare it to the competent authorities, in France notably the CNIL. That's bound to cause a loss of confidence in your image with your users. The CNIL can also impose penalties of up to 4% of worldwide sales or 20 million euros.
[Nar.] How long does a company keep its data?
[R.A.] As far as data retention is concerned, there are several possible scenarios. There's the active database. This is the list of our prospects and current customers. Then, for more specific constraints, we have archiving notions. For everything to do with invoicing, it's five years. And then we have much longer archiving periods for all regulatory matters. That can be anything from ten years to indefinitely.
[Nar.]What is the right to be forgotten?
[R.A.] The right to be forgotten is the possibility for a European citizen to ask a company to delete all data concerning him or her. In effect, we'd be starting from scratch about that company. For example, we can ask Facebook to send us all the data they've collected on us, and then delete it too.
[Nar.] In what context should companies anonymize their data?
[R.A.] Quite simply, data must be anonymized as soon as it leaves production. Production is the environment in which we work. As soon as we leave that environment to do testing, BI, machine learning or training, we have to work on anonymized data, because those people aren't allowed to see the real data.
[Nar.] How best to manage an anonymization project?
[R.A.] To carry out an anonymization project successfully, you need to involve all the players who will be using the data, both those who are at the source of the data and those who will receive it later. Once you have all these elements, you can draw up a set of specifications, noting: "I want to anonymize such and such data in this way". All that's left to do is to equip yourself with a tool that will enable you to achieve this anonymization.
[Nar.] How does DOT Anonymizer meet all these challenges in terms of personal data anonymization?
[R.A.] The advantage of DOT Anonymizer is that we don't have to worry about the technical side. We described our needs in advance in a set of specifications. DOT Anonymizer is simply a tool for translating business language into technical language. All in a simple and efficient way. We'll be able to define exactly what we want to do, and DOT Anonymizer will do it for us. All the while maintaining consistency both in our databases and in functional terms, in other words, respecting all our integrity constraints.