The trust of the outside world is very important to us. To maintain and improve the trust we work hard to protect the personal and confidential information we receive. This is combined with our ongoing efforts to be transparent about our use of such information, and to ensure compliance with applicable data privacy laws and regulations. Our efforts in these areas are supported by the dedicated departments we have established within Information Security and Data Privacy.
Data Privacy
We handle personal information pursuant to our global data privacy policy that forms our global baseline for privacy compliance. In addition, we have established global corporate procedures for handling data subject requests and data breaches, we track incidents closely to mitigate adverse trends and risks quickly.
We have appointed a Data Protection Officer to head up our efforts within the field of data privacy. The Data Protection Officer is fully dedicated to focus on data privacy, and is supported by local privacy representatives from our subsidiaries. The Data Protection Officer reports to Coloplast management on a regular basis, and is engaging with representatives of important group functions in a Data Privacy Board.
Information Security
Information security is an absolute prerequisite for Coloplast in order to deliver on our mission as well as execute on our ambition of being the best performing Medical Device Company.
It is therefore essential that our information assets are protected from external and internal threats; unauthorized disclosure as well as breach of confidentiality, integrity or loss.
Global and standardized IT solutions, guidelines and processes are aimed at ensuring business continuity, business supporting processes and efficient sharing, protection and preservation of information.
We verify our information security management system through ISO/EIC 27001 certification and we drive continuous compliance to standards and policies through regular audits.
At the same time, we balance convenience and efficiency for authorized users against external and internal threats though information security risk management.