Our customers, employees, and other stakeholders expect their personal information to be protected with the most excellent possible care, and we take this responsibility very seriously. Ensuring data security and respecting the privacy regulations are our highest priorities.
Requirements for data protection laws in different jurisdictions have become much more stringent in recent years. Implementing the European Union’s General Data Protection Regulation (GDPR) has resulted in additional rules that companies are obligated to meet when they process personal data. The Kuehne+Nagel Privacy framework sets out six privacy principles that all employees must respect, wherever they are in the world: reasonable care, purpose limitation, reasonable restriction, transparency, and openness about where personal information is stored and used, choice and consent, and privacy by design.
As the data privacy programme transitions from implementation to business operations, we will monitor and audit the activities and processes of the privacy governance in all entities.
We consider identifying and managing data protection risks at the processing level to ensure that they are measured, monitored, and mitigated in our critical operations.
The results of this analysis form the basis for managing and minimising risks. They enable us to adopt a risk-based approach to further develop our privacy-related risk management. The acceleration of digitisation driven by the COVID-19 crisis brought new challenges for data protection.
Our approach includes improving transparency regarding the use of personal data and a better understanding of the risks related to the processing of personal data. Looking forward, we will continuously aim to improve to ensure compliance with GDPR and will review updates on the Kuehne+Nagel Privacy framework, applicable rules, and privacy guidance to respect to needs of regulatory changes and court decisions. We will also increase awareness of data protection-related issues within the Group, including requirements for international data transfer.
Our data protection management system enables the systematic planning, implementation, and continuous monitoring of measures to comply with data protection regulations. It is based on the applicable data protection regulations.
We also enrolled in a global computer-based data privacy training for all employees processing personal data.
Incidents relating to data protection that occur in processes subject to the provisions of the GDPR are handled by the data protection department, which is supported in its investigations by local incident support.