GDPR and Privacy

We have a comprehensive privacy framework that includes Privacy Policy approved by our Board of Directors,  as well as relevant instructions and guidelines for privacy protection. We have governance model in place to ensure the daily implementation of the required activities and to improve the processes continuously. All our business units are responsible for the implementation of data protection in their operations by taking applicable data protection requirements into account. We have a Data Protection Officer for the Group who supports and advises units in their data protection activities. GDPR and privacy compliance is followed by the Risk and Compliance Committee, which report to the Accountor Management Team.

Our personnel is trained and aware of the data protection requirements. Our specific GDPR training is mandatory for all Accountor’s employees.

We have defined processes, detailed guidance, and interpretations on, among other things:

• Individual’s rights
• Data breach management
• Data protection impact assessment

Specific data protection clauses are incorporated into our agreements for customers and business partners. We are committed to ensuring that our business partners are compliant with the GDPR.

Information Security 

Since security attacks are continuously getting stronger, our security must constantly be monitored to stay protected from evolving threats. The impact and risks of personal data processing are assessed before starting processing and thereafter when needed. Thus, data protection is embedded into and maintained in all operations.

Furthermore, we are building data protection safeguards into our products and services from the earliest stages of development. We are currently in a process to build Group level Information Security Governance framework to harmonize information security activities in all business operations and units. 

Information security activities are documented appropriately and reviewed on a regular basis.