Customer privacy

(GRI 3-3, GRI 418-1) 

The importance of data protection cannot be overstated in an era where personal data permeates almost every facet of Alpiqʼs operations, even though Alpiqʼs activities are primarily focused on the business-to-business segment. We have implemented stringent protocols that include encryption, access controls and regular assessments and audits as well as awareness training and target-group-oriented communication. We continuously improve the existing data privacy management system through close collaboration between the Group Data Privacy Officer (DPO) and its Local Privacy Partners (Privacy Champions), to ensure data privacy compliance in accordance with the GDPR and all other applicable local regulations.

Alpiq did not record any substantiated complaints concerning a breach of customer data in the reporting year. One employee fell victim to a phishing attempt; however, all the necessary technical and organisational measures were taken immediately to prevent any further spread. The attempt posed only negligible risk to Alpiq data or Alpiq customer data. Alpiq had a total of four smaller internal data disclosures relating to employee data. In all cases, technical and organisational measures were adapted accordingly. Additional trainings were also provided to the relevant personnel.

Milestones

• Adjustments to the data privacy framework based on revised Swiss Federal Data Protection Act that came into force on 1 September 2023, as well as an extensive communication and awareness initiative
• Focus on collaboration between the DPO and the CISO, HR and IT departments
• Culture of awareness and adherence to compliance and data privacy standards fostered throughout the organisation
• Further implementation of the Privacy by Design and Privacy by Default approach

Statement

Frameworks/Standards

General Data Protection Regulation (GDPR)