Lucille Bonenfant

Lucille Bonenfant

Vice-President and Chief Privacy Officer

As an IT and business consulting services company operating worldwide, data is crucial to our business as its protection. From advising clients on how to build and deploy their enterprise digital transformation strategies to running critical IT systems that help public and private organizations operate their core business, the work we do involves processing vast amounts of data.

Every year on January 28, the international community celebrates Data Privacy Day (known in Europe as “Data Protection Day”). The objective of this day is to raise awareness about the importance of respecting privacy, safeguarding data, and promoting data protection best practices. As CGI’s Chief Privacy Officer, I feel that this international effort is a great opportunity to recognize the work we must do every day to maintain the highest data protection standards throughout our operations.

Digital leaders place a premium on adhering to privacy and data protection standards

For the 2021 CGI Voice of Our Clients program, we met with 1,695 business and IT executives to gather their perspectives on the trends affecting their enterprises. The 20% who cite they are producing expected results from their digital transformation strategies, prioritize privacy by 14 percentage points more than those organizations not yet producing expected results.

Our research indicates that those executives who accelerate digital transformation are also more sensitive to data privacy laws and regulations. They build risk mitigation directly into their customer or citizen digital journeys and embed proper safeguards and processes for handling personal data. For these digital leaders, effective data protection facilitates, rather than constrains, customer and citizen adoption and avoids the costs of breaches.

To learn more about the attributes of digital leaders, I invite you to read our white paper: Optimizing your digital value chain to accelerate successful business outcomes.

Our commitment to personal data protection reaches every level of our organization

We support our clients’ compliance process by investing in privacy and maintaining principles inspired by the highest standards of applicable data protection legislation. Our Data Privacy Policy is binding for all our consultants and other professionals regardless of their location, as well as third parties engaged by us.

On July 22, 2021, CGI’s Binding Corporate Rules (BCRs), considered as the “gold standard” for data transfer, were approved by the French Data Protection Authority (CNIL). This intra-group data protection framework allows us to transfer European Union residents’ personal data internationally through a consistent standard of protection and proper safeguards. CGI’s BCRs’ approval process required a thorough and conclusive review by all European data protection authorities in accordance with the consistency mechanism set out in the General Data Protection Regulation (GDPR).

In addition, we continuously work to enhance our existing information security management system to meet the additional requirements of ISO 27701 (Privacy Information Management System), whether we are processing personal data for internal purposes or on behalf of our clients.

Data privacy and protection are key to enhancing trust and accelerating digital transformation

As a digital transformation provider, we place a premium on adhering to a consistent and high-quality set of standards for data protection. As digital continues to permeate every aspect of today’s society, we consider that each individual should understand how personal data is being collected and processed and why. Data protection is key to enhancing clients’ trust and delivering significant business value.

We put privacy and data protection high on our agenda. I invite you to learn more about CGI’s privacy and data protection program by consulting the privacy section on our website, and wish all of you a very happy Data Privacy and Protection Day.

About this author

Lucille Bonenfant

Lucille Bonenfant

Vice-President and Chief Privacy Officer

In May 2021, Lucille Bonenfant was appointed CGI’s Chief Privacy Officer, overseeing the company’s global data protection strategy, enterprise-wide data protection policies and procedures, and data protection regulatory compliance. A prominent lawyer with more than 15 years’ experience in business and contract law, including ...