Customer privacy and data
We take care to carefully monitor, evaluate and prevent risks associated with our business, including the protection of privacy and data of our customers - it starts with the analysis of our business, the external environment within which we operate, the regulatory landscape and our internal processes.
Since we store personal data of customers and colleagues, we want to protect it as best as possible. Although the threat landscape is constantly changing, the risk remains unchanged and we continue to closely monitor risks and implement a structured group privacy program.
We put our customers and colleagues at the heart of all decisions we make when using their personal data. Our data privacy policies and processes (including via privacy impact assessments and data governance) establish how we protect and appropriately use personal data.
Our Group data privacy programme includes ongoing assessment and monitoring of privacy risks and controls across our businesses. We have an established team in our security operations centre to detect, report and respond to security incidents (including personal data incidents).
We have a third-party supplier assurance programme focusing on third-party data security and privacy risks.
We recognise the importance of ongoing training and communication to raise awareness of good data handling practices, and to help prevent personal data incidents. We carry out regular induction, awareness, and refresher training for our colleagues.