Lucille Bonenfant

Lucille Bonenfant

Vice-President and Chief Privacy Officer

As we enter 2023, never has technology played a more critical role across our clients’ industries and geographies in satisfying the needs of their customers and citizens. In fact, the insights from the 1,700 business and IT executives interviewed for the CGI Voice of Our Clients cites that digital acceleration is having the greatest impact on their business.

While digital plays an important role in helping organizations overcome challenges and embrace new opportunities to serve their customers and citizens, it also increases privacy concerns, making data protection an essential business strategy.

Data privacy is an increasing priority—not only to build trust with all organizational stakeholders, including customers, employees, suppliers and so on, but also to keep pace with a mounting set of privacy regulations worldwide. The United Nations Conference on Trade and Development is tracking this legislation (Data Protection and Privacy Legislation Worldwide | UNCTAD) and, as of the writing of this blog, nearly two-thirds of the world’s countries have modern privacy regulations in place.

CGI’s Voice of Our Clients findings also demonstrate that industry leaders globally are focused on this topic. For example, 61% of executives who are producing results from their digital strategies (those who are categorized as digital leaders) place a premium on running secure IT environments, compared to 24% who are still building or launching digital strategies. When it comes to extending data privacy compliance to their external ecosystem of partners and suppliers, 90% of these “digital leaders” have programs in place, compared to 83% of those still working on their digital strategies.

Clearly accelerating digital strategies also entails accelerating a priority in data privacy.

Protecting data is a business imperative

Given the importance of becoming digital leaders, many clients often ask about CGI’s privacy standards and programs. 

Last year on Data Privacy Day (known in Europe as Data Protection Day), I shared a blog called Building data privacy and protection into your daily operations. In that blog, I provided information on CGI’s global privacy program, particularly in relation to the requirements and best practices set forth in the European General Data Protection Regulation (GDPR).

This year, I’d like to share an update on the work we do on a daily basis to continuously evolve in this crucial area and stay up-to-date.

During the past year, we continued to build out our global privacy function. Our multicultural team consists of privacy experts and records coordinators spread across our various regions. We oversee CGI’s global data protection strategy, develop and maintain data protection and records retention policies and procedures aligned with the best industry standards and applicable legislation across the globe, and collaborate on a daily basis with CGI professionals to provide added-value to our three stakeholders: clients, employees and shareholders.

In addition, we achieved ISO 27701 certification for 44 sites across our global operations, including nearshore and offshore sites. We enhanced our existing information security management system to meet the requirements of ISO/IEC 27701:2019 to include all elements of data protection, whether we are processing data on behalf of our clients or for our own purposes.

Published in August 2019, ISO 27701 is the internationally recognized standard that defines the management system and security requirements for the processing of personal data. Implementing a management system for data protection is instrumental to help any organization be compliant with applicable legal and regulatory requirements. As highlighted by external auditors, this certification demonstrates CGI’s maturity and proactive approach to personal data protection.

As the saying goes, practice makes perfect. To complement the above efforts, we launched a learning program to support the skills development of our privacy experts and record coordinators. We also provided mandatory e-learning courses for all employees to improve their privacy awareness in alignment with the latest data privacy legislation and gain a practical understanding of data management fundamentals that are part of our day-to-day operations.

Continuously enhancing trust is essential in today’s data-driven world

Trusted relationships are fundamental to the longevity of business success. Data Privacy Day’s annual event aims to raise awareness about the importance of respecting privacy, safeguarding data and enabling trust.

As you consider how privacy is embedded into your operations, I have three key takeaways:

  1. Focus on your ongoing privacy maturity – This implies improving the effectiveness of data protection compliance and aligning with a constantly changing legal environment. At CGI, we monitor legislative evolution and provide an integrated privacy approach, along with relevant security safeguards.
     
  2. Meet expectations about transparency – This requires knowledge and expertise on how personal data is processed and protected, including relying on trained employees and partners of choice. At CGI, we put privacy and data protection high on our agenda and are committed to providing transparent communications via our
    CGI.com privacy page.
     
  3. Be a “privacy ambassador” – This involves taking privacy to the next level. At CGI, we promote privacy best practices at each level of the organization and make data protection an everyday priority.

I invite you to contact us if you have questions about CGI’s data privacy practices as you work to accelerate your digital transformation.

About this author

Lucille Bonenfant

Lucille Bonenfant

Vice-President and Chief Privacy Officer

In May 2021, Lucille Bonenfant was appointed CGI’s Chief Privacy Officer, overseeing the company’s global data protection strategy, enterprise-wide data protection policies and procedures, and data protection regulatory compliance. A prominent lawyer with more than 15 years’ experience in business and contract law, including ...