When collecting your personal data and using it for different purposes, it is very important for us in the S Group to comply with all legal requirements on the processing of personal data and keep your data safe. For this reason, we consider in advance what kind of risks are involved with the intended use of the data, the technology we use, et cetera, and mitigate these risks. New services and applications always go through a data protection and information security assessment before they are published for our customers or employees to use. In addition, we reassess the services and applications that are already in use whenever changes or improvements are made.
To ensure integrated data protection by default, we conducted around 150 data protection and information security assessments concerning the S Group’s projects, initiatives and modifications in 2019. Projects, initiatives and modifications that may expose data subjects to significant risks have also been subjected to separate data protection impact assessments.
In 2019, data protection impact assessments covered the S Pharmacy Services, the Collect and Scan service and our internal HR system reform, among others.