Back to thematics

Data protection and system security


Data protection and system security

Yearly report 2021

Sibelga takes care to protect the data of its Brussels customers and protects itself against attacks on its computer systems that could disrupt the supply to its customers.

Secure management of consumption data

Like any company that processes personal data, Sibelga must comply with the requirements of the General Data Protection Regulation (GDPR).

Alexandra Marlier is Sibelga’s Data Protection Officer (DPO): “As a manager of the gas and electricity distribution networks, we process our customers’ consumption data. This data is managed in a secure manner, based on legal requirements and for well-defined purposes. At present, they are collected on an annual basis. But we are actively preparing for the introduction of smart meters and the collection of data at a finer granularity.

In some cases, consumption data may be shared with public or private operators as part of projects related to the energy transition: “In this case, we aggregate or anonymize the data depending on the legal bases, purposes, etc.,” explains Alexandra Marlier.

In addition, Sibelga ensures that its contracts with its suppliers comply with the RGPD and that the data is kept in Europe.

Focus on network security

In 2021, Sibelga has put in place various measures to be able to detect and react as quickly as possible to a potential attack on its servers and networks. “We have focused on creating visibility: that is, our ability to monitor and understand everything that happens on our infrastructure, so that we can detect irregularities. We focused on our Internet presence, access to our data and IT infrastructure, in order to detect areas of improvement and to accelerate the detection of possible attacks,” explains Peter Van Lierde, Chief Information Security Officer.

In addition, Sibelga is preparing for its designation as an essential operator under the NIS (Network and Information Security) law. This law requires essential service operators to take specific measures to ensure the security of their networks and information systems.

Pending official notification, initial steps have been taken to implement an information security management system, which will enable compliance with the requirements of the NIS law. “This system will be implemented for the services that are essential to our core business: the supply of gas and electricity to Brussels customers,” says Peter Van Lierde.