You are here : FRÀ proposSécurisation des données

As a publisher and integrator of solutions for education, Kosmos is apt to treat personal data at the request of its clients. To ensure a high level of protection of these data, Kosmos hosts its own datacentre in France (NFrance). Being compliant with The General Data Protection Regulation (GDPR) and with the recommendations of the Ministry of National Education, Kosmos guarantees the protection of its client’s data.

GPDR Kosmos

Data stored in datacentres in France

All data of a personal nature are stored in Toulouse in France at NFrance. NFrance is a historic player in hosting, data management and critical digital services. NFrance belongs to the Kosmos group. In this context, Kosmos ensures the traceability of personal data by mastering all of the data processing chain from the creation of software up to its hosting and data management.

The major principles of GDPR

The General Data Protection Regulation (GDPR) is the new European reference text with regard to personal data protection, in force since 25 May 2018. With respect to the law of Computing and Freedom, GDPR reaffirms gathering of consent, reinforces the right of persons and the transparency for the processing of personal data.

The main obligations of GDPR are:
RGPD Kosmos Collecting the consent of persons whose personal data is subject to processing.
RGPD Kosmos Reinforcing personal rights with the right of access, of opposition, of correction , of removal and the portability of data.
RGPD Kosmos Providing transparency with regard to the processing of data. Data processing is done depending on the real needs of the company. Data processed and their use responds to a precise and clear objective. Procedures for the elimination of old data and security are put in place to limit its conservation and to preserve its integrity and confidentiality.
Since 2004, data security has been integrated into the Kosmos operating procedure with the DSE (SDET) guidelines proposed by the French Ministry of National Education. Established for 15 years, SDET is a precursor document to GDPR. It strongly supervises the protection of data by establishing security measures for the DSE publishers to observe.

The actions put in place by Kosmos to be compliant with GDPR

To respond to this new regulation, Kosmos has already put an action plan in place:
RGPD Kosmos The nomination of a PDPM (Personal Data Protection Manager) assisted by 5 advisors. Each advisor is in charge of making sure that the processing of data performed in their department is compliant with GPRD. The expertise in their activity of each advisor ensures better monitoring of the processing of personal data. By working in collaboration with them, the DPDM provides the company with a global, in-depth vision of the different processing of existing data.
RGPD Kosmos Setting up of security measures to guarantee the protection of personal data
RGPD Kosmos Assisting clients and users on this subject:
RGPD KOSMOS Drafting of contracts compliant with GDPR
RGPD Kosmos soutien client Creation of support for clients wishing to exercise their rights concerning the management of their data.
RGPD Process de notification Kosmos Setting up a process of notification of the client or the manager of the processing of personal data as soon as possible in case of data violation.

What is the role of the DPM?

To ensure better monitoring of personal data, Kosmos has named 1 DPM. Their role is:
Kosmos RGPD To inform and advise the management, the technical teams and other internal Kosmos departments, but also its clients, its partners so as to ensure that the processing of personal data is compliant with GPDR
Kosmos RGPD Monitoring adherence to GPDR principles
Kosmos RGPD Advising Kosmos on the generation of an impact analysis (PIA of the CNIL) and to verify its execution
RGPD Kosmos Cooperating with the CNIL (National Commission for Information and Freedom) and being its point of contact.
If you have any questions, do not hesitate to contact our Personal data protection manager: