Social dimension

Customer privacy

Why is this important?

Since the entry into force of the General Data Protection Regulation (GDPR) in 2018, the processing of personal data has become even more important, both within the company as well as externally with regard to data flows. Alpiq operates in all major European markets, which is why the GDPR is of key importance.

Non-compliance with existing EU and/or national regulations and laws could expose Alpiq to substantial risks. In addition to potential administrative fines as provided for in regulations and laws, Alpiq may suffer a loss of reputation and trust.

What are we doing?

Alpiq runs a data privacy management system and has appointed a Data Privacy Officer (DPO) for the Group. The DPO is part of Alpiq’s compliance team and ensures that this matter is given the importance and attention it requires. Alpiq’s DPO is supported by local privacy partners (coordinators) who ensure data privacy compliance in accordance with the GDPR and all other applicable local regulations. The data privacy experts maintain a regular exchange and participate in further development activities. The focus of activities lies primarily on the business-to-business sector, as this is the main business of Alpiq.

Trust is a fundamental prerequisite for Alpiq’s sustainable success. Alpiq is therefore committed to handling personal data with the utmost care. All employees are trained in the respectful handling of personal data in accordance with the applicable rules and regulations.

Alpiq considers data privacy to be more than a legal requirement; it is an integral part of business practices, as demonstrated by the “Privacy by Design” and “Privacy by Default” concepts that have been introduced. To underline this approach, the procedures were anchored in the internal rules for data privacy, which were approved by the Executive Board in 2018. Alpiq’s DPO manages the privacy management system together with the local privacy partners in all operating jurisdictions.

How do we track the effectiveness of our approach?

The DPO is part of Alpiq’s compliance team and ensures that this matter is given the importance and attention it requires. Alpiq has standard procedures for handling data subject requests and data breaches, as well as for recording complaints. Transparency and data privacy play a central role in Alpiq’s relationships with its customers, partners and employees. Alpiq operates a state-of-the-art privacy management tool for the uniform management of all aspects of personal data.

Milestones in 2022

An internal audit was carried out in 2022 with the objective to assess on a high level the governance, roles and responsibilities, processes, and the control framework. It has been demonstrated that Alpiq has a profound data privacy system in place.

Alpiq recorded one data breach in the reporting year due to a human error. Personal data was not correctly redacted during a due diligence phase. Access to the relevant virtual data room was immediately restricted and the affected files deleted. Stakeholders with access to the virtual data room confirmed the destruction of all impacted and downloaded files. All persons concerned were informed, and the competent data supervisory authority was notified.

Frameworks/guidelines 

- General Data Protection Regulation (GDPR)

GRIs 

- GRI 3-3: Management of material topics 

- GRI 418-1: Substantiated complaints concerning breaches of customer privacy and losses of customer data

Sustainable Development Goals 

- SDG 9