Our Data Privacy Organization
Fresenius Kabi operates a central data privacy center of competence. This center has set up a data privacy management framework in alignment with ISO 29100 (privacy framework for the protection of personally identifiable information). The competence center aims to implement a harmonized and consistent way of processing personal data across all Fresenius Kabi entities. It sets the policies, procedures and standards for data privacy and provides tools and processes for the employees as well as training and awareness material. Furthermore, this center provides expertise on all data privacy topics.
Our data protection and security policies, associated procedures as well as our guidelines for processing personal data create a uniform and basic level of adequate data protection across all Fresenius Kabi entities.
Our Local Data Privacy Advisors at the various Fresenius Kabi legal entities support local management in their compliance efforts. They do this by executing risk and compliance assessments for the different data processing activities. With these assessments we aim to integrate privacy requirements into the design of a process or a system.
Our internal IT service provider, Fresenius Netcare, has implemented a certified management system for information security according to ISO 27001 in order to provide high security standards for data centers. Our Global Cybersecurity Defense Team (CERT) identifies, evaluates and responds to security incidents and acts as a central contact point for security-related topics.
The monitoring of our compliance efforts is overseen by our Data Protection Officer.
In these assessments we ensure that all relevant data protection principles have been taken into consideration within the design. In certain cases a data protection impact assessment might be necessary before starting the respective processing activity.
We register the data processing activities within Fresenius Kabi in the “Records of Processing Activities”. This register contains essential information to comply with the data protection laws.