Data, a strategic asset for Societe Generale
Today, data is central to customer relations and the Societe Generale Group organisation. In a digital environment, the Bank improves its services to its clients, its risk management, and its operational efficiency, thanks to data use while ensuring its quality, security and protection.
With 75 million digital contacts every month in France, digital is becoming customers' main point of entry with the Bank. With new technology, these ever-multiplying data are analysed more closely, enabling Societe Generale to offer its customers more personalised and relevant service, by pairing the best of human and digital resources.
At the same time, data is central to the concept of trust. French people are concerned about the protection of their data, and only the banks have the trust of more than half of all French people in this regard*. Societe Generale’s role as a trusted third party is a real competitive advantage that the Group must retain.
Data management has always been in Societe Generale’s DNA. New technology is moving us closer to our customers, where we play our advisory role by pairing the best of our human and digital resources. We are transforming in depth, to better optimise and protect this strategic asset for the Group. To respond to these two issues, the Group is rising to many challenges:
- Optimising data to provide a better service to customers through more than 200 data usage development initiatives, some of which are still in the experimental phase (closer analysis of the consumer credit risk), while others are already in production (personalised customer solutions).
- Setting up data use conditions, while ensuring their security and protection, with a decentralised organisation that is close to the businesses and the spread of a data culture, in respect of regulations, notably General Data Protection Regulation. Ensuring the technological and human resources for our ambition. Societe Generale invested in a big data platform to put data at the centre of its information systems. To attract and internally promote the top data-processing talent and skills, the Group relies on a targeted recruitment approach with traditional schools, the Grande Ecole du Numérique and an internal training programme known as Big Data Academy.
In an increasingly digital environment, data is becoming an important element of client relations. "The amount of data is growing at an exponential rate and the development of new technologies (Big Data, data visualisation) is enabling us to use this data to develop new services, better manage our risks and improve our operational efficiency." Emmanuelle Payan, Group Chief Data Officer, explains her central role in the governance and value-creation of data.
Focus on GPDR, General Data Protection Regulation
What is GDPR?
In response to the proliferation of uses on personal data in all economic sectors, the European legislator published a new regulation called General Data Protection Regulation (GDPR).
From May 25th, 2018, all the processing of personal data (collection, analysis, storage, transfers, etc.) in Europe or carried out on European residents will be governed by this new regulation which reinforces:
- The rights individuals such as the need to obtain their consent to carry out certain treatments or the right to be forgotten
- Corporate accountability for data processing and penalties for non-compliance.
The GDPR at Societe Generale
The Group’s business lines have always collected, used and stored certain personal data about their clients so they can propose services that meet clients’ requirements and continually improve their product and service offering. In the age of the digital revolution, the volume of available data is growing, enabling the Group’s businesses to offer ever more personalised products and services.
Societe Generale is aware of the importance for its clients to be able to retain control of their personal data, and it reaffirms its commitment to processing these data responsibly. This document explains its policy in this area and the key principles it follows in terms of protecting and using its clients’ personal data. The policy and principles will be adapted for each of the businesses and regions in which the Group operates, in accordance with local regulations.
To be compliant with this regulation and strengthen the trust of our customers and employees, Societe Generale group is committed to 25 guiding principles that constitute the common framework for all Group entities and departments. They are divided into 4 major themes:
- Objectives & commitments
- Consent management
- Roles and responsibilities
- Standards & Security
What's a DPO ?
At the heart of the new European regulation, the Data Protection Officer (DPO) is a genuine "driving force" behind data protection compliance. His or her main tasks are:
- to inform and advise the data controller or subcontractor and their employees;
- to monitor compliance with the regulation and national data protection laws;
- to advise the organisation on carrying out impact studies on data protection and to verify their implementation;
- to co-operate with the supervisory authorities and to be their point of contact.
Societe Generale’s DPO
Across the Societe Generale Group, Antoine Pichot is appointed DPO on 4 September. Antoine Pichot's role is to ensure the Group is compliant with the European General Data Protection Regulation (GDPR), which will enter into force in May 2018. He supports and advises the Group's Business Units and Service Units in terms of personal data protection, notably clients and employees data. Antoine Pichot will be the privileged interlocutor for the French data protection authority (CNIL) and will be responsible for the leading and supervision of Data Protection Officers appointed across the Societe Generale Group.
We must identify all our processes that involve personal data. Rather than simply identifying these processes, this will also give us the opportunity to review the purpose and reason for our processing activities and how they are managed...
The General Data Protection Regulation will come into force on 25th May 2018 in all European Union countries. Any company which processes personal data is to be affected - from big international groups to local startups - but there are many who don’t know about this regulation and who don’t understand what they have to do or the impact which this regulatory upheaval will have on their business.
The amount of data generated worldwide has exploded with the digital revolution, and personal data is being increasingly used in all sectors. In light of this, and in response to concerns expressed by European citizens, the European Union, with the backing of supervisory authorities, has published the GDPR. This European regulation will enter into force on 25 May 2018.