Our approach.

Customers’ and stakeholders’ trust is important for Telia Company. We want everyone who shares their personal data with us to feel secure that their data is used according to their expectations.

As soon as the General Data Protection Regulation (GDPR ), the EU legislation governing how personal data should be handled, entered into force in 2016, Telia Company started its group-wide GDPR program. Since numerous principles of GDPR already existed under the old Data Protection Directive, we were able to build on previous experience and best practices while implementing new GDPR principles. 

Responsibilities of DPOs

The main task of Data Protection Officers (DPOs) is to facilitate Telia Company’s and its’ subsidiaries compliance with GDPR obligations across the relevant markets. DPOs continuously monitor privacy compliance internally and communicate on privacy matters, GDPR and local data protection provisions.

We have designed different tools and processes to ensure that we work in a correct manner with personal data across the company. These tools and processes are used and monitored by DPOs to both verify compliance as well as to continuously ensure effective and legitimate ways of working with privacy and data processing and to improve our practices.

Telia Company has carried out privacy training for our employees for several years. DPOs continue to facilitate privacy-awareness inside the company and continuously improve training materials to fulfil the GDPR needs as interpreted today and tomorrow. All Telia Company employees receive privacy training.

Privacy and data protection is a focus area for Telia Company and it is therefore governed by a Group Policy - Privacy and Data Protection.

In case you have any questions about the way Telia Company takes care of your privacy and exercise your rights, our DPOs will be happy to assist with your questions. 

Data protection officers


What is GDPR?

GDPR stands for General Data Protection Regulation – an EU law that regulates rights connected with personal data, including by giving all individuals control of their own personal data in all relations with companies, regardless if they are a customer or an employee. GDPR directly applies in all EU countries as of 25 May 2018 and in in countries of the European Economic Area. It covers Telia Company’s footprint in the Nordics and Baltics. There may be some local variations in how GDPR is implemented in different countries, for example, on employee data processing, public health, public sector, archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

What is personal data?

Personal data is all information that could identify an individual directly or indirectly, for instance:

  • name, address, age, gender and position
  • location
  • social security number
  • IP address
  • telephone number
  • subscription details
  • traffic data (technical data generated when an individual uses telecommunication services)

What has Telia Company done to be compliant with GDPR?

In early 2016, Telia Company put in place a GDPR compliance program to carry out necessary changes and implement GDPR provisions across all relevant markets. Telia Company GDPR Program coordinated all activities related to ensuring our customers’ and employees’ privacy rights. Related projects were running also in all countries and group units. We have reviewed our internal processes, privacy policies and security measures, trained our employees, as well as made necessary changes in IT systems to enable our customers to be in control of their personal data, for example, to access or delete certain data on request.

We have also worked on implementing privacy by design in all our products and services, making sure that we are transparent to our customers and employees about how we use their personal data.

This work did not stop on 25 May 2018. We continue to grow a privacy orientated mindset in all our activities, to make sure that Telia Company is the most trusted partner for customers in the Nordics and Baltics.

What does GDPR mean for Telia Company’s customers, be they individuals or companies?

GDPR strengthens individuals’ rights to control their own data.

GDPR allows our customers and end users to:

  • access their personal data processed by Telia Company
  • correct personal data (if faulty)
  • delete personal data under certain conditions (right to be forgotten)
  • restrict and object to some processing of personal data (under specific conditions)
  • have specific data transmitted to another company (data portability)
  • receive compensation for the damages suffered as result of an infringement of the regulation
  • receive privacy information and information on serious data breaches

Our customers may have been asked to give consent for Telia Company to continue to process their personal data for specific purposes. We have also updated and provided more detailed privacy information, first, in our websites and My Telia pages. We continue working to provide high level of transparency to our customers and easy ways to exercise their rights as data subjects. Privacy will be embedded in all our products and services that we provide to our customers and end-users.

Telia Company Privacy Policy

Telia Company customer privacy policy strengthens company processes to ensure careful protection of customer privacy and network integrity. It also aims to ensure that customers feel confident that Telia Company respects and safeguards their privacy. We expect every Telia Company employee to follow the policy in their day-to-day work.

Group Policy - Privacy and Data protection 

Related material

Read the article about Telia Company and GDPR

To the article