Digitalization brings great opportunities to our societies, but rapid technological development also brings new and accelerated privacy- and security-related risks. At Telia Company we have high ambitions within both areas. Our 2023 goal is to have top-tier positions with regard to privacy in all markets and be a preferred supplier due to the measures we take regarding security.
Telia Company has adopted a “privacy by design” approach to ensure GDPR compliance and transparent management of personal data in all new products and services. Key components of our approach are:
- Embedding data protection into our business including products, processes, and IT systems from the initial design-stage and then throughout their lifecycle
- Analyzing data protection parameters from the initial planning stages of a data processing operation by carrying out privacy screenings
- Conducting a Privacy Review and, when needed, a Data Protection Impact Assessment (DPIA) before carrying out data processing where the processing is likely to result in a high risk to the rights and freedoms of individuals
Our day-to-day business operations are supported by a privacy team who provide proactive guidance on compliance with GDPR and other privacy laws. In addition, we have a team of Data Protection Officers (DPOs), whose task is to monitor whether different areas of business adhere to our privacy standards. Our DPOs also ensure that requests from individuals as well as data protection authorities are responded to in accordance with the GDPR.
Increasing risks associated with cyberattacks are a challenge for our industry and society at large. To manage these risks, we take both proactive and reactive measures, with a focus on continuous improvements in constantly and rapidly changing security environments.
- Proactive measures: Our security framework is developed in alignment with ISO 27001 and other relevant standards. The management system is certified according to the ISO 27001 standard and includes key parts such as security governance and information security risk management processes, including their supporting systems. It specifies requirements on information security and related risk management across all Telia functions and local organizations. External audits are carried out annually to ensure that proper security measures are in place and to ensure continuous improvement of the management system related to the ISO 27001 certification.
Key proactive measures include implementing a “security by design” approach. This ensures that products, systems, and infrastructures are developed and implemented with security controls from the beginning to minimize potential cybersecurity risks.
- Reactive measures: Our Global Security Operations Centre (GSOC) is responsible for reactive measures, monitoring and handling cybersecurity incidents around the clock. The GSOC is a member of the Forum of Incident Response and Security Teams (FIRST) and is a Trusted Introducer (TF-CSIRT).
More information can be found on pages 91-92 in the 2021 Annual and Sustainability Report.