For a leading innovative, science- and technology-driven company such as ours, compliant handling of information is of utmost importance. When using personal data, the individuals’ rights must be appropriately protected. In this regard, we strive to safeguard the rights of any person whose data we process, including but not limited to our employees, patients, customers, healthcare professionals, suppliers, visitors, and other business partners.
Our approach to data privacy
The mandate and goal of our Group Data Privacy unit is to mitigate risks and create a global framework for data privacy-compliant business operations. This unit helps to build our employees’ capacity to handle data correctly and with clear accountability and it safeguards our company by providing data privacy risk assurance. Group Data Privacy also contributes to creating value for the development of digital business models.
Data privacy training
In line with the EU GDPR and our global approach to ensure data privacy, we regularly conduct e-learning training courses in ten languages. An update to this training course is planned for the first quarter of 2021. Additionally, Local Data Privacy Officers complement the execution of our Group-wide training plan by conducting training for specific target groups.
IT tools for documentation
We maintain a central IT tool to provide a single source for data privacy processes, such as registering data processing activities and reporting potential data privacy incidents. This tool will be redesigned in 2021. Additionally, we use our company intranet for further communication, including answering data privacy questions and providing standardized templates. We registered no sanctioned complaints or incidents concerning breaches of customer privacy, leaks, thefts, or losses of customer data in 2020. In three cases, minor personal data breaches were reported to the supervisory authority which were not sanctioned.