Cyber security and personal data protection

Cybersecurity and in particular the protection of personal data are major challenges for a group the size of ENGIE at the heart of the energy transition and the digital revolution.

Cyber security and personal data protection

Cybersecurity concerns the IT security of individuals, tangible and intangible IT assets and organizations. This has become a crucial issue for the company and its stakeholders.




A number of systems are in place to counter the risk of a cyberattack or fraud:


  • A cyber security monitoring centre keeps a constant eye on our networks and critical infrastructure. It includes monitoring of security patches
  • User awareness campaigns
  • Regular testing of the security systems in place, including tests against hacking and phishing, and crisis management testing
  • Monitoring online attacks and fraud
  • Additional special actions are taken according to cybersecurity regulations, like Europe’s Directive Network and Information Security (NIS)
  • For some service parameters, certifications covering cybersecurity have either been obtained or are being worked towards (ISO, SOC2)


ENGIE also has cyber insurance.


All of these systems are regularly updated to adapt to new cyberattacks.


Below are links to the ENGIE Insight (United States) website on Security and Compliance, the site of the Agence Nationale de la Sécurité des Systèmes d'Information or ANSSI (France) and the site of the National CyberSecurity Centre or NCSC (United Kingdom): Personal data protection



Protection of personal data


The requirements of the European Regulation regarding Personal Data Protection (EU 2016/679) increased companies’ obligations when processing personal data (whether it’s from their employees, their clients, their partners, ...). These new obligations lead ENGIE to update its Group data privacy policy and to bring its data processes to compliance.


Binding Corporate Rules


ENGIE handles personal data, including those related to its employees as part of human resources management. Aware of the sensitivity of these data, the Group has set up Binding Corporate Rules (BCR) to ensure their protection in case of transfer outside the European Union. With these BCR, approved by all European data protection authorities, ENGIE joined the circle of companies that pay particular attention to the protection of personal data.



For any questions regarding the protection of personal data, please contact ENGIE through its GDPR Portal.