Our Data Protection Organization
Fresenius Kabi operates a central data protection center of competence. This center has set up a data protection management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data protection and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data protection topics.
Our data protection and security policies, associated procedures as well as our guidelines for processing personal data aim to create a uniform and basic level of adequate data protection across all Fresenius Kabi entities.
Our local data privacy advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate data protection requirements into the design of a process or a system.
Our internal IT service provider, Fresenius Netcare, has implemented a certified management system for information security according to ISO 27001 in order to provide high security standards for data centers. Our Global Cybersecurity Emergency Response Team (CERT) identifies, evaluates and responds to security incidents and acts as a central contact point for security-related topics.
The monitoring of our data protection compliance efforts is overseen by our data protection officer.
Our Data Protection Policy
Our data protection policy sets out the requirements for our employees when collecting and processing personal data. It includes that all processing activities that are introduced are subject to a risk and compliance assessment process.
In these assessments we ensure that all relevant data protection principles have been taken into consideration within the design. In certain cases, a data protection impact assessment might be necessary before starting the respective processing activity.
We register the data processing activities within Fresenius Kabi in the “Records of Processing Activities”. This register contains essential information to comply with the data protection laws.