The way in which we gather and process personal data relating to all employees and external parties with whom we are in contact complies with data protection regulations with the sole aim of meeting the intended purposes.
European privacy law has changed fundamentally since May 25, 2018. Taking immediate effect in all member states of the European Union, the General Data Protection Regulation (GDPR) provides a uniform basis for implementing privacy law throughout the EU. The role of privacy law is to protect personal data. It includes any information about natural persons, such as name, contact data, date of birth, religion, gender, and even simply email addresses. The GDPR regulates the use and processing of personal data and obligates every company that records personal data to do so only within narrow constraints and by taking a whole host of protection mechanisms into consideration.
Every WACKER employee who records, uses or processes personal data must always ask themselves whether this data is indeed necessary and has to be stored and if so, for how long. We must all undertake to ensure that no infringements of privacy law occur. Even before the GDPR took effect, we had introduced mechanisms to ensure compliance with existing data protection legislation.
All the same, the new EU regulation entailed considerable adaptation of these mechanisms. In 2017, we analyzed what action needed to be taken and adopted suitable measures. Applications and processes were adapted to GDPR requirements.
A mandatory online data protection course for employees was introduced in in 2018. Employees who work in particularly affected departments are given additional individual training. Our Compliance Regulation now contains a supplement that describes the main aspects of the GDPR.
Information about the GDPR is available on our website and on our intranet. We use a film – which can be viewed on our internal video portal – to sensitize employees groupwide about the proper conduct to adopt when dealing with internal or external questions to do with data protection.
There were no justified complaints relating to the violation of customers’ privacy or the loss of customer data during the reporting period.