Our approach to data protection
Fresenius Kabi operates a central data privacy centre of competence. This centre has set up a data privacy management framework in alignment with ISO 29100 (Privacy framework for the protection of personally identifiable information). The competence centre aims to implement a harmonised and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standard for data privacy and provides tools and processes for the employees as well as training and awareness material. Furthermore, this centre provides expertise on all data privacy topics.
Our data protection and security policies, associated procedures as well as our guidelines for processing personal data aim to create a uniform and basic level of adequate data protection across all Fresenius Kabi entities.
Our local data privacy advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate privacy requirements into the design of a process or a system.
Our internal IT service provider, Fresenius Netcare, has implemented a certified management system for information security according to ISO 27001 in order to provide high security standards for data centers. Our Global Cybersecurity Defense Team (CERT) identifies, evaluates and responds to security incidents and acts as a central contact point for security-related topics.
The monitoring of our compliance efforts is overseen by our Data Protection Officer.
In these assessments we ensure that all relevant data protection principles have been taken into consideration within the design. In certain cases a data protection impact assessment might be necessary before starting the respective processing activity.
We register the data processing activities within Fresenius Kabi in the “Records of Processing Activities”. This register contains essential information to comply with the data protection laws.