Case Study: Groupama achieves GDPR-compliant customer data protection with SecuPi

A flexible and scalable approach for de-identifying and protecting customer data on cloud & on-prem while meeting GDPR Right to Be Forgotten requirements

Groupama Italy, a major mutual insurance provider, needed a comprehensive solution to protect millions of customers' personally identifiable information (PII) scattered across its complex IT environment. Their challenge was to enforce granular data access controls, comply with stringent GDPR Right to Be Forgotten requirements, and de-identify data in non-production environments, all without disrupting business operations or compromising data integrity.

SecuPi provided a centralized data protection platform that used Attribute Based Access Control (ABAC), dynamic masking, and encryption to manage data access on a need-to-know basis. The solution enabled Groupama to successfully meet its GDPR obligations, including the complex Right to Be Forgotten mandate, while maintaining data integrity across all applications. SecuPi’s implementation had minimal performance impact and created a scalable foundation for securing customer data on-premise and in the cloud.

Groupama