Data protection
Data protection is a top priority for Galenica as a healthcare provider. Galenica ensures that the privacy and fundamental rights of customers, patients, employees and other persons are fully protected at all times when processing data. Appropriate data protection measures are taken for this purpose. These protect against unauthorised access to customer data and internal company information as well as against cyberattacks.

Management of the material topic (GRI 3-3)
As the Swiss healthcare system becomes increasingly digitalised, the importance of data protection grows and the legal requirements for data processing become more comprehensive. Data protection relates to the handling of data pertaining to natural persons. It aims to protect the privacy of these persons when processing their data; in the case of Galenica this includes customers, patients and employees in particular. Health data classified as particularly sensitive by law is subject to additional requirements, which Galenica specifically takes into account. Galenica ensures compliance with data protection principles, in particular with regard to transparency and security.
Data Protection Policy and employee training
Galenica has a professionally qualified, independent internal Data Protection Officer who acts as a free agent to oversee this important topic. The Data Protection Policy forms the overarching framework and is supplemented by rules and directives for specific matters. All employees and other auxiliary persons are obliged to comply with the Data Protection Policy and by extension the data protection principles. All employees are regularly trained and made aware of data protection issues. In the reporting year, the Data Governance division developed a transparently structured platform for conveying requirements for the processing of personal data. Employees will be able to obtain all the information they need easily themselves. Future e-learning courses will be built on this platform. This will facilitate constant awareness-raising of how to handle personal data responsibly and behave correctly in the event of identified data breaches in the long term.
Focus on revised data protection legislation
The new Data Protection Act entered into force on 1 September 2023. In order to implement this as effectively as possible, we observe the evolving practices in the healthcare industry and beyond, as well as the guidelines and expectations communicated by the authorities. All companies of the Galenica Group have published new privacy policies and thus comply with the higher information requirements. Among other things, these policies provide points of contact to which data subjects can turn with questions and concerns, such as to object to certain data processing, make a demand for information or request the deletion of data. Internal transparency regarding data processing is being increased by keeping a processing record and documenting the associated application landscape in LeanIX. Risks of new data processing are assessed in coordination with the internal Data Protection Officer and, if necessary, reduced by taking appropriate measures, such as defining policies or regulating access rights. The data governance and security divisions collaborate closely on these matters. Galenica is continuing to work on assessing data protection risks, addressing them in a standardised manner and integrating them directly into processes. The data governance managers, who were appointed in 2023, are the first point of contact in the corporate divisions and Group companies. They are regularly informed, trained and supported by the division in advance of developments.
Data & AI Governance Board
In 2024, Galenica established the Data & AI Governance Board, a new body that helps create a clear regulatory framework for the responsible use of data and AI applications. It ensures the coordination of corporate activities in this area and harmonisation of the data strategy and values of Galenica. The Data & AI Governance Board is chaired by the internal Data Protection Officer and, with other members from the areas of information security, enterprise architecture, data strategy, AI and a member of the Executive Committee, is interdisciplinary and in possession of great expertise.
Objective data protection
| Goal | Status | Target year | Measurement parameter | 2024 | 2023 |
| --- | --- | --- | --- | --- | --- |
| Several times per year, we carry out measures to raise employee awareness in the area of data protection. | ↗ | Every year | Number of measures | 9 | 6 |

↗ Realistic
→ Partially delayed/critical
↘ Critical
= Achieved
× Not achieved
In 2024, a total of nine awareness-raising measures were carried out on the subject of data protection. The focus of the training courses was tailored to the respective target group, such as a training course on criminal liability under the Data Protection Act for data governance managers.
Evaluation of the management approach and measures
- Reviews: Galenica keeps up to date with the ongoing developments in data protection law and practice and conducts regular audits, thus ensuring that legal regulations are observed and a high standard is maintained in relation to the handling of personal data.
Substantiated complaints concerning breaches of customer privacy and losses of customer data (GRI 418-1)
In the reporting year, there were no substantiated complaints relating to a breach of data protection, and there were no official investigations of data theft or loss.