IE 11 is a very old browser and is not supported on this site.

Data protection

GRI report

As a healthcare provider, the protection of patient data is a top priority for Galenica. Galenica ensures that this information is protected against unauthorised access and unauthorised changes or loss.


Management of the material topic (GRI 3-3)

As the Swiss healthcare system becomes increasingly digitalised, the importance of data protection grows and the legal requirements for data processing become more comprehensive. Data protection involves the handling of patient and customer data with the aim of protecting the privacy of patients when their data is processed. Health data is sensitive information that must be protected by law against misuse. Data protection plays a key role in the Service Unit Pharmacies and HCI Solutions in particular. Galenica ensures that patient data is protected against unauthorised access and unauthorised changes or loss. Data protection is also an important basis for a peaceful and inclusive society and strong institutions.

Data Protection Policy and employee training

Galenica is being assisted in this important area by an independent external data protection officer. The Data Protection Policy forms the overarching framework and is supplemented by specific rules and directives for the Group companies. All employment contracts of employees who have access to personal data also contain a data protection clause. All employees are regularly trained and made aware of data protection issues. In the reporting year, the Legal Department developed a new e-learning course on data protection. The campaign ran from October to December in 2023 and aimed to give all employees an overview of Swiss data protection law and professional secrecy. In addition, the e-learning course helps all employees to conduct themselves in compliance with the law on a day-to-day basis, teaches them about the Galenica Group’s data governance organisation and how to behave correctly when detecting data breaches.

Focus on data protection revision

At the end of September 2020, the Swiss parliament passed a complete revision of the Federal Act on Data Protection (nFADP). The nFADP and the new Ordinance to the Federal Act on Data Protection (DPO) entered into force on 1 September 2023. The revision will bring the Data Protection Act into line with technological and social conditions, which have changed since the act was last revised. In particular, the transparency of data processing will be improved and the autonomy of data subjects will be strengthened. The revised Data Protection Act has been aligned in many areas with the EU General Data Protection Regulation (GDPR) and entails new obligations for companies. Galenica is working on implementing these new requirements, one of which is the duty to provide information. Against this backdrop, Galenica published a Privacy Policy for employees in 2022 and developed a new process for exercising the right of access, which enables data subjects to have control over their own personal data. In 2023, Galenica worked intensively on implementing measures to ensure compliance with the new Data Protection Act. For example, data protection coordinators have been appointed in all Service Units and Business Units to support all employees as the first point of contact for questions regarding the use of data. All employees also received training on data protection and professional secrecy. All patients will be informed about the use of their data in new privacy statements. In addition, the Group’s Legal Department continues to follow the EU GDPR practices.

Data Protection Circle

The Data Protection Circle is a committee that offers employees of the Legal Department, IT and operational business sectors a platform for managing and coordinating data protection issues and questions across the Group and implementing preventive measures at an early stage. The committee therefore makes a major contribution to compliance with data protection legislation. The Data Protection Circle is headed by the General Secretary. The committee is part of the Legal Department.

Objective data protection



Target year

Measurement parameter





Twice a year, we carry out measures to raise employee awareness in the area of data protection.

Every year

Number of measures


>2 awareness-raising measures 


>2 awareness-raising measures 

↗  Realistic
→ Partially delayed/critical
↘  Critical
=  Achieved
×  Not achieved

In 2023, all data protection coordinators in the Galenica Group took a one-day training course on the new Data Protection Act. In addition, the People & Culture team, pharmacy employees and the Verfora Executive Committee received training on the specific handling of sensitive personal and health data. A separate page on data governance has been set up on the intranet, where all employees can find out more about the topic.

Evaluation of the management approach and measures

  • Reviews: Galenica keeps up to date with the ongoing amendments to data protection legislation and conducts regular audits, thus ensuring that legal regulations are observed and a high standard is maintained in relation to the handling of personal data.

Substantiated complaints concerning breaches of customer privacy and losses of customer data (GRI 418-1)

In the reporting year, there were no substantiated complaints relating to a breach of customer data protection, and there was no statutory investigation of data theft or loss.

Galenica uses cookies to optimise the functions of the website and to ensure you enjoy the best possible experience. Use of cookies & disclaimer