As a publisher and integrator of educational solutions, Kosmos is required to process personal data at the request of its customers. To ensure a high level of protection for this data, Kosmos hosts it in France in its own datacenter (NFrance). By complying with the General Data Protection Regulation (RGPD) and the recommendations of the French Ministry of Education, Kosmos guarantees the protection of its customers' data.
What is the RGPD?
The General Data Protection Regulation (RGPD) is the new European reference text for personal data protection. The RGPD defines a new milestone in securing personal data.
Data stored in data centers in France
All personal data is stored by NFrance in Toulouse, France. NFrance has a long history in hosting, outsourcing and mission-critical digital services. NFrance belongs to the Kosmos group. Kosmos ensures the traceability of personal data by controlling the entire data processing chain, from software creation to hosting and outsourcing.
The main principles of the RGPD
The General Data Protection Regulation(RGPD) is the European reference text for the protection of personal data in force on May 25, 2018. Vis-à-vis the Data Protection Act, the RGPD reaffirms the collection of consent and strengthens the rights of individuals and the transparency of personal data processing.
The main obligations of the RGPD are:
- Obtain the consent of individuals whose personal data will be processed
- Strengthen individuals' rights to access, oppose, rectify, forget and port data
- Ensuring transparency in data processing. Data is processed according to the company's real needs, and the data processed and used for a precise and clear purpose.Procedures for deleting old data and security measures are put in place to limit retention and preserve integrity and confidentiality.
Actions taken by Kosmos to comply with the RGPD
- Appointment of aDPO (personal data protection officer) accompanied by 5 referents.Each referent is responsible for ensuring that the data processing carried out in his or her department complies with the GDPR. The expertise of each referent in his or her activity ensures better monitoring of personal data processing. By working in collaboration with them, the DPR provides the company with a global and in-depth vision of the various existing data processing operations.
- Implementation of security measures to guarantee the protection of personal data
- Support customers and users on the subject: contact-dpo@kosmos.fr
- Drafting of contracts RGPD-compliant
- Creation of support for customerswishing to exercise their rights regarding the management of their data
- Implementation of anotification process of the customer or the person responsible for processing personal data as soon as possible in the event of a data breach
What is the role of the DPR?
To ensure better monitoring of personal data processing, Kosmos has appointed a DPR. His role is to:- Inform and advise Kosmos' management, technical teams and other internal departments, as well as its customers and partners, in order to ensure RGPD-compliant processing of personal data.
- Monitor compliance with the RGPD
- Advise Kosmos on carrying out an impact analysis (CNIL PIA) and verify its execution.
- Cooperate with the CNIL and act as its point of contact
If you have any questions, please do not hesitate to contact our Privacy Officer: contact-dpo@kosmos.fr