The confidential and secure treatment of customer and company data is an integral part of our corporate policy. In the context of the digitisation of our business processes and the generally increasing significance of digital business models, the knowledge of how to protect personal data and company information is becoming ever more important.
In order to train our employees consistently in data privacy, information security and unbundling (the decentralisation of grid and sales activities), we are working on introducing holistic e-learning modules. In 2015, we designed new course content and developed existing tools further. By 2020, we want 85% of the employees in companies where training sessions are compulsory in one or several of the three topics to have taken part in the training scheme. This corresponds to the maximum achievable coverage in practice.
Information security: New guidelines, established organisational structure
The Group-wide information security team aims to protect the information key to business success from loss, misuse and manipulation, as well as to support digital business processes.
In 2015, we also developed a new Group guideline that entered into force in 2016. It lays out the principles of information security throughout the Group. Additionally, the organisational structure for information security agreed upon in 2014 was also established in practice in 2015. The newly appointed chief information security officer represents the Group’s requirements in terms of information security. Security standards and guidelines are developed by the information security council (ISC) headed by the chief information security officer. The council is made up of the information security officer and IT security teams of the Group companies.
Unbundling (separation of grid and sales activities)
The German Energy Management Act (Energiewirtschaftsgesetz) requires that grid operations and sales should be separated under corporate law. The grid operator has to guarantee all service providers discrimination-free access to the grid. In order to fulfil these requirements, EWE works in accordance with a comprehensive compliance programme. Our subsidiaries EWE NETZ, EWE GASSPEICHER, wesernetz Bremen, wesernetz Bremerhaven and Gastransport Nord GmbH report on current developments in annual compliance reports, which have to be presented to the German Federal Grid Agency on 31 March each year.
In dialogue with the industry
Data privacy, information security, unbundling: EWE is involved with working groups of the German government and industry associations in order to help shape legal initiatives and industry standards in these areas. For example, we are members of the public/private partnership between the German government and operators of critical infrastructures (KRITIS), which deals with the implementation of the national cyber security strategy. In terms of unbundling, we engage in regular dialogue in the German Association of Energy and Water Industries (BDEW) working-group meetings. EWE TEL takes part in the BfDI (Federal Commissioner for Data Protection and Freedom of Information) events and is active in relevant data security associations.