© Kantar Public 2017
Data Protection Concept
Data Protection Organisation and Implementation
Kantar Deutschland GmbH
Content
1. Version Management
2. General information
2.1 Objective of this data protection concept
2.2 Controller
2.3 Data Protection Officer (DPO)
2.4 Computer centre information
2.4.1 Managing directors
2.4.2 Appointed head of data processing
2.5 Local description
2.5.1 Address
2.6 Overview of the obligation to notify pursuant to Section 4d, 4e, 4g (2) German Federal Data Protection Act (BDSG)
2.6.1 Purpose of data collection, processing and use
2.6.2 Group of data subjects and types / categories of data
2.6.3 Recipients or categories of recipients, to whom the data may be disclosed
2.6.4 Indicative time-limit for the deletion of data
2.6.5 Planned data transmission to third countries
2.6.6 Group of persons authorised for access
3. Organisational control
3.1 Objective
3.2 Measures
4. Entry control
4.1 Objective
4.2 Measures
5. Access control
5.1 Objective
5.2 Measures
6. Usage Control
6.1 Objective
6.2 Measures
7. Transmission control
7.1 Objective
7.2 Measures
8. Input control
8.1 Objective
8.2 Measures
9. Order control
9.1 Objective
9.2 Measures
10. Availability control
10.1 Objective
10.2 Measures
11. Separation control
11.1 Objective
11.2 Measures
12. Certificates
12.1 ISO/IEC 9001
12.2 ISO/IEC 20252
12.3 ISO/IEC 27001
1. Version Management
Date | Version | Author | Change | Approval | Status
27/02/13 | 0.1 | Timo Wilken | Initial draft | - | draft
27/06/13 | 0.2 | Patricia Oberle | Minor corrections | - | draft
29/01/14 | 0.3 | Timo Wilken | Change of company name | - | draft
17/07/14 | 1.0 | Patricia Oberle | Updates | Timo Wilken | released
22/09/14 | 1.1 | Patricia Oberle | Updates | Timo Wilken | released
03/11/14 | 1.2 | David Ohlenroth | Updates | Timo Wilken | released
15/01/15 | 1.3 | Patricia Oberle | Annual review / Updates | Timo Wilken | released
14/04/15 | 1.4 | Patricia Oberle | ISO-certificates | Timo Wilken | released
01/02/16 | 1.5 | Patricia Oberle | Annual review / Updates | Timo Wilken | released
28/07/16 | 1.6 | David Ohlenroth | ISO-certificates | Timo Wilken | released
07/12/16 | 2.0 | Felix Czwikla | Annual review / Rebranding | Timo Wilken | released
10/01/17 | 2.1 | David Ohlenroth | Change of company name | Timo Wilken | released
14/02/17 | 2.2 | David Ohlenroth | ISO-certificates | Timo Wilken | released
18/05/17 | 2.3 | David Ohlenroth | ISO-certificates | Timo Wilken | released
2. General information
2.1 Objective of this data protection concept
This data protection concept contains the technical and organisational measures as well as the control activities according to the Annex to Section 9 German Federal Data Protection Act (BDSG) and Section 78a of Volume X of the Social Insurance Code (SGB X) and defines tasks, obligations and responsibilities as well as the conditions of the data processing processes in the company.
2.2 Controller
Kantar Deutschland GmbH, Registered in: München, AG München, HRB 113021, VAT-Number: DE813390549.
2.3 Data Protection Officer (DPO)
Ass. iur. Timo Wilken
Kantar Holding GmbH
Landsberger Straße 284
80687 München
Tel.: +49 89 5600-1176
Fax: +49 89 5600-1730
E-Mail: [email protected]
2.4 Computer centre information
Highly available green IT computer centre
All IT processes are compliant with ISO 20000
Comprehensive SOX controls
2.4.1 Managing directors
Hagenhoff, Winfried
Krüger, Jens
Lainer, Doris
Paule, Frank
Scheffler, Hartmut
Siegel, Dr. Nico A.
Stumpp, Dr. Stefan
Wieland, Robert A.
2.4.2 Appointed head of data processing
Hoogeveen, Henk
2.5 Local description
2.5.1 Address
Kantar Deutschland GmbH
Landsberger Str. 284
80687 München
Germany
T +49 89 5600 0
2.6 Overview of the obligation to notify pursuant to Section 4d, 4e, 4g (2) German Federal Data Protection Act (BDSG)
2.6.1 Purpose of data collection, processing and use
Kantar Deutschland GmbH collects, processes and uses personal data for the purpose of anonymous market, opinion and social research surveys in nearly all areas of society (e. g. Technology & Finance, Media & Internet, Consumer & Industry, Mobility, Political & Social, etc.) according to Section 30a BDSG or as processor according to Section 11 BDSG. The results of all market, opinion and social research surveys are evaluated and transmitted to third parties in an anonymous form only.
2.6.2 Group of data subjects and types / categories of data
Persons who voluntarily participate in market, opinion and social research surveys (address data from German Kantar companies, from the Principal, from address dealers, from the resident registration office, data from public sources as well as addresses / phone numbers of households and companies which were generated with an automatic random procedure, survey data, possibly further information, if this is required to fulfil the purpose described under number 2.6.1).
Customers (e. g. address data, identification data, contract data, control data, possibly other data, if these are required for the proper and appropriate processing of the business relationship, e. g. accounting data)
Interested parties / non-customers (e. g. address data, field of interest, bidding data)
Suppliers (e. g. address data, contact data, contract data, accounting and performance data, self-assessments)
2.6.3 Recipients or categories of recipients, to whom the data may be disclosed
Public authorities if statutory provisions are affected, external suppliers pursuant to Section 30a BDSG or within the scope of data processing on behalf pursuant to Section 11 BDSG as well as internal departments / specialist departments of Kantar Deutschland GmbH to fulfill the purpose under number 2.6.1.
2.6.4 Indicative time-limit for the deletion of data
The legislator has introduced several obligations and time-limits for the storage of data. After the expiration of those time-limits personal data will be deleted routinely. If parts of the data are not affected by this, they will be deleted after fulfilling the purpose described under number 2.6.1.
2.6.5 Planned data transmission to third countries
Data transmission to countries outside of the European Union (EU) / the European Economic Area (EEA) shall only be made within the framework of data processing on behalf (Section 11 BDSG), within the framework of a justified interest or because of a voluntary and informed consent of the data subjects. The transmission will be carried out only in compliance with the statutory conditions of admissibility pursuant to Section 4b and Section 4c BDSG.
2.6.6 Group of persons authorised for access
All employees are obliged to maintain data secrecy pursuant to Section 5 BDSG as well as the secrecy of social data pursuant to Section 35 SGB I. Access to personal data is limited to those employees who need it to fulfil the purpose described under number 3.6.1.
3. Organisational control
3.1 Objective
The objective of the organisational control is to create an intra-corporate organisation that complies with the specific conditions of data protection.
3.2 Measures
ORGANISATIONAL CONTROL MEASURES
Data protection organisation
Appointment of a Data Protection Officer (DPO) and internal business department “Data Protection & Legal”
Data protection contents and documents available via internal company Sharepoint
Cooperation with external law office
Measures to ensure the lawful processing of personal data
Obligation of data secrecy pursuant to Section 5 BDSG and secrecy of social data pursuant to Section 35 SGB I for every employee
Data protection chapter in every employment contract
Information regarding data protection for every new employee
Process descriptions and examination requirements in accordance with ISO certified quality management system
Measures to ensure compliance with internal processes / quality checks
External audits
Certification pursuant to ISO 9001 and 27001
Appointment of an Information Security Officer (ISO)
Appointment of a Quality Management Officer
Staff training
Obligation for every employee to complete an annual training regarding data protection and information security
Data protection seminars are offered in the HR seminar program
Obligation for every new employee to complete the on-site training “Data Protection & Information Security for beginners”
Further on-site trainings on request
Training documentation via certificates and attendance lists
Announcements regarding data protection via email / sharepoint
Documentation of the admissibility of all relevant data protection related processes
Internal and public overview of all notifiable processes (Section 4d, 4e BDSG)
External audits
4. Entry control
4.1 Objective
The objective of the entry control is to prevent, with the help of adequate measures, unauthorised persons from entering data processing facilities where personal data is processed or used.
4.2 Measures
ENTRY CONTROL MEASURES
Building security
Occupied reception / Separate gates for employees and deliveries
Entry control, multi-stage security system
Building locked outside working hours
Guard service / Plant security outside working hours
Separation of processing zones and visitors’ zones
Access to individual floors with electronic access control (chip) only
Admission to the buildings logged and checked
Electronic access control (chip) for all staff members
Entry to the building / storeys traceable
Identity passes for visitors
Setting up the computer center as a security sector
Servers are located in a locked computer center with access control and burglar alarm, fire alarm and fire extinguishing systems
Backup media stored in a safe in a co-location (SOX control)
Locking system: Key regulations with access authorization
Specifying persons with access authorisation
Logging the issue of keys
Special access regulations for others: only in the presence of a person with access authorisation
Logging admissions
SOX Control, ISO 27001 Control
Securing the networks
Distribution boxes are secured against unauthorised access
Network management carried out centrally 24/7 under the responsibility of IT
Routers, switches and network components are located in locked rooms or steel containers
Cables are located in sealed cable ducts; cabling is documented
SOX Control
5. Access control
5.1 Objective
The objective of the access control is to prevent unauthorised persons from using data processing systems which contain personal data.
5.2 Measures
ACCESS CONTROL MEASURES
Internal legitimising procedure for user codes with respect to files and systems / documented organisational procedure for:
Issuing, securing, changing, deleting of user accounts
User accounts with individual access rights
For newly recruited personnel, IT receives the relevant staff data for network operation (staff member code, staff member number, cost center, starting date) from administration automatically and fully-documented
Completely ISO 20000 compliant change management
User accounts for staff members who have left the company
A documented process concerning withdrawal of any access authorisations for staff members who are relocated or leave
Individual user accounts are to be locked / deleted, with documentation
Completely ISO 20000 compliant change management
Logging the access to applications and systems
Traceable back over several months
Encryption routines for log-in and password
Security Policy
Global password policy
Minimum length of a user code: 5 characters
Minimum length of a password: 8 characters
Regulated password complexity (special characters, numbers, capital and lower case letters)
Exclusion of trivial passwords
Required password change after 60 days
Lost passwords may only be reset by IT upon receipt of clear authentication
Password history / old passwords may not be re-used (10 generations)
SOX control
Automatic locking system if false user codes / passwords are entered
Access denial if more than four false attempts to log on are made
Automatic / manual keyboard and monitor lock if not used or if user is absent
Standard set up for the PC
Automatic keyboard and monitor lock if not used for 10 minutes
Manual locking if user leaves the working place / Clean Desk Policy
Reset only by entering password
6. Usage control
6.1 Objective
The objective of the usage control is to prevent unauthorised persons from using or changing personal data.
6.2 Measures
USAGE CONTROL MEASURES
Arrangements for the authorisation concept and usage rights
Differentiated authorisation system for use of files, system and application programs by persons with access authorisation (including those with maintenance authorisation)
Issuing of individual, function-suited roles and rights by IT, if called for by upper management
Use of network drives for authorised users (groups)
Differentiated authorisation for reading only or writing (changing / deleting) access
User authorisation issued with relation to the application
Logging which users use the databases
Storing usage logs on security related data going back for 6 months
Security policy
Data storage media / data storage media administration
Proof of input, output and existing data
Storage of data media in the internal security sector
Constantly in locked rooms / safes
Documented security processes
Specifying authorised persons
Use of private data storage media forbidden
Controlled destruction of data storage media
Destruction of address data performed according to procedures described in ISO 9001
Physical destruction
Secure document containers
Exchangeable and fixed disks which are no longer in use should be rendered unusable by IT
Disposal / destruction via certified disposal companies after previous appointment arrangement
Keeping data storage media in separate, secure-access hardware archive until disposed of
Issuing disposal certificates
SOX control
Special regulations for mobile terminals
Mobile PCs (laptops, notebooks) must be kept locked away outside working hours
Fixed hard disk encryption on all laptops
7. Transmission control
7.1 Objective
The objective of the transmission control is to prevent unauthorised reading, copying, changing or removing of personal data during electronic transmission, transportation and / or storing.
7.2 Measures
TRANSMISSION CONTROL MEASURES
Data transmission
Transmission of files only to an authorised person and with a transmission log
Documentation of all addresses along the transmission chain
Documentation of PCs, software and files with personal data
Completeness and correctness check
Transport security
Internal transmission: via internal network / secure exchange portal
Portal participants to be regulated by user recognition and rights concepts
Logging / traceability of all use
Proof of use and transmission control via log files
External transmission: encrypted as agreed with the receiver and / or by courier
Compressed / encrypted with password protection, strong encryption algorithm (Standard: AES-256)
Sealed transport containers
Reliable messengers / transport companies
8. Input control
8.1 Objective
The objective of the input control is to make it possible to check subsequently whether, and by whom, personal data was entered, changed and / or removed in the data processing system.
8.2 Measures
INPUT CONTROL MEASURES
Systems for logging and logging evaluation
Automatic logging of file use / file changes
Logs for security-relevant data documentation can be evaluated retrospectively (6 months)
Documentation of the input methods
Specification of those authorised for compiling data storage media and processing data
Subsequent traceability of the completed data input
9. Order control
9.1 Objective
The objective of the order control is to guarantee that personal data processing is only done in compliance with the instructions of the contractor.
9.2 Measures
ORDER CONTROL MEASURES
Formalising the placement of an order between the principal contractors
Detailed written regulation of the contractor relationship and formalisation of the complete order process
Clear regulation of the competences and responsibilities
Documentation of the process stages via an internal portal
Work step control
Administration, security, documentation of the address data in the respective interaction system provided
Formalising the placement of an order with respect to all the subcontractors
Careful choice of contractor
Detailed written regulation of the contractor relationship and formalisation of the complete order process
Contractual obligation of the subcontractor to data protection and secrecy
Order control and documentation
10. Availability control
10.1 Objective
The objective of the availability control is to protect personal data from accidental destruction and / or loss.
10.2 Measures
AVAILABILITY CONTROL MEASURES
Data security concept
Central backup system with authorisation and destruction system
IT is responsible for carrying out the data security measures
Changed databases are saved every day
For weekdays a separate data storage medium is used
Every week all the databases are fully backed up
Programme directories are backed up after every change to ensure that there is always at least one copy of the latest programme database
Back-up process checked monthly
Back-up logs checked daily
Monthly test restores for data
Restore by IT
Storage of back-up copies in different fire-protected and sealed rooms / safes
Guidelines for data archiving
Emergency plans / IT continuity management
IT continuity test according to fixed processes and time intervals
SOX control
Fire protection systems
Fire protection zones
Fire protection doors
Air-conditioning for server / technology rooms
Smoke and fire alarms in the computer center
Connection of the computer center to fire brigade emergency call center
Fire extinguisher equipment in the computer center
Plans for escape, rescue and fire protection
Software installation
PCs are fitted with standard software
Extensions to the standard software only after examination and approval by the board of management / IT
Completely ISO 20000 compliant release management
Firewall installation
Protection of the internal networks using several firewall systems
Use of IDS / IPS systems
Incoming mails are examined for malicious software by an automatic process
Data storage media
Data storage media received or to be dispatched are to be examined for malicious software with a virus scanner before being used or dispatched
Virus protection
Installation and constant updating of automatic virus protection
Blocking of sites
Blocking of indexed websites
Power supply
Installation of emergency power diesel and UPS systems / Safe server shut down in the case of a power cut
11. Separation control
11.1 Objective
The objective of the separation control is to ensure that personal data collected for different purposes is processed separately.
11.2 Measures
SEPARATION CONTROL MEASURES
Separated processing / File management for each order
Ensured by process descriptions and examination requirements in accordance with ISO certified quality management system
Separation by project numbers
Data can only be used / processed for the purpose agreed
Separated logging of individual work steps for each order
Ensured by process descriptions and examination requirements in accordance with ISO certified quality management system
Function separation
Saving data and programs in different directories
Using pseudonyms for test data
DEKRA Certification GmbH * Handwerkstraße 15 * D-70565 Stuttgart * www.dekra-certification.de page 1 of 2
CERTIFICATE
ISO 9001:2008
DEKRA Certification GmbH hereby certifies that the company
Kantar Shared Services GmbH & Co. KG
Kantar Deutschland GmbH
Scope of certification: Market research for decisions in economy and society, Market media and opinion research
Certified location: D-80687 München, Landsberger Straße 284 (further locations see annex)
has established and maintains a quality management system according to the above mentioned standard. The conformity was adduced with audit report no. A15011050.
This certificate is valid from 2017-03-13 to 2018-02-26
Certificate registration no.: 90103074/5
Lothar Weihofen
DEKRA Certification GmbH, Berlin, 2017-03-13
Annex to the Certificate No. 90103074/5
valid from 2017-03-13 to 2018-02-26
The following locations belong to the certificate above:
Headquarter | Certified location | Scope of certification
Kantar Shared Services GmbH & Co. KG, Kantar Deutschland GmbH | Landsberger Straße 284, D-80687 München | Market research for decisions in economy and society, Market media and opinion research
Subsidiaries | Certified location | Scope of certification
1. Kantar Shared Services GmbH & Co. KG, Kantar Deutschland GmbH | Landsberger Straße 284, D-80687 München | Market research for decisions in economy and society, Market media and opinion research
2. Kantar Deutschland GmbH | Friedensallee 11, D-22765 Hamburg | Market research for decisions in economy and society, Market media and opinion research
3. Kantar Deutschland GmbH | Stieghorster Straße 86-90, D-33605 Bielefeld | Telephone data collection on behalf of TNS Germany GmbH
4. Emnitel GmbH | Stieghorster Straße 90, D-33605 Bielefeld | Telephone data collection on behalf of TNS Germany GmbH
5. Infratel GmbH | Landsberger Straße 336, D-80687 München | Telephone data collection on behalf of TNS Germany GmbH
6. Telquest GmbH | Ludwigsluster Straße 29, D-19370 Parchim | Consulting and services based on personalized data
7. Kantar Live GmbH | Landsberger Straße 284, D-80687 München | Services for economic and social research
8. infraquest GmbH | Landsberger Straße 336, D-80687 München | Services for economic and social research
Lothar Weihofen
DEKRA Certification GmbH, Berlin, 2017-03-13
CERTIFICATE
ISO 20252:2012
DEKRA Certification GmbH hereby certifies that the company
Kantar Shared Services GmbH & Co. KG
Kantar Deutschland GmbH
Scope of certification: Market research for decisions in economy and society, Market media and opinion research
Certified location:
D-80687 München, Landsberger Straße 284
D-22765 Hamburg, Friedensallee 11
D-33605 Bielefeld, Stieghorster Straße 86-90
The requirements of ISO 20252:2012 Market, opinion and social research – fulfilled. This is verified in certification audit report No. A15011050. This certificate confirms that the QM system satisfies the more far-reaching requirements of ISO 20252:2012 in respect to ISO 9001:2008. This certificate is only valid upon successful completion of the surveillance audit. This certificate is only valid in connection with main certificate Nr 90103074/5.
This certificate is valid from 2017-03-13 to 2018-02-26
Certificate registration no.: 3004078001/4
Lothar Weihofen
DEKRA Certification GmbH Berlin, 2017-03-13
CERTIFICATE
The Certification Body of TÜV SÜD Management Service GmbH
certifies that
Kantar Holding GmbH Landsberger Str. 284
80687 München Germany
including the sites see enclosure
has established and applies an Information Security Management System according to “Statement of Applicability” for
Handling of data and information within the framework of market and social research.
An audit was performed, Report No. 70763550.
Proof has been furnished that the requirements according to
ISO/IEC 27001:2013
are fulfilled.
The certificate is valid from 2017-05-04 until 2019-12-15.
Certificate Registration No.: 12 310 46872 TMS.
Version of the statement of applicability: V 1.4; 2015-10-26.
Product Compliance Management
Munich, 2017-05-05
Enclosure of Certificate Registration No.: 12 310 46872 TMS
Sites
Kantar Holding GmbH Stieghorster Str. 86-90, 33605 Bielefeld, Germany
Kantar Shared Services GmbH & Co. KG Landsberger Str. 284, 80687 München, Germany
Kantar Shared Services GmbH & Co. KG Stieghorster Str. 86-90, 33605 Bielefeld, Germany
Kantar Shared Services GmbH & Co. KG Borselstr. 20, 22765 Hamburg, Germany
Kantar Deutschland GmbH Moosdorfstraße 7-9, 12435 Berlin, Germany
Kantar Deutschland GmbH Landsberger Str. 284, 80687 München, Germany
Kantar Deutschland GmbH Stieghorster Str. 86-90, 33605 Bielefeld, Germany
Kantar Deutschland GmbH Borselstr. 20, 22765 Hamburg, Germany
Kantar Deutschland GmbH Darmstädter Landstr. 112, 60598 Frankfurt, Germany
Kantar Live GmbH Landsberger Str. 284, 80687 München, Germany
Infratest dimap Gesellschaft für Trend- und Wahlforschung mbH Moosdorfstr. 7-9, 12435 Berlin, Germany
TNS Infratest Slovakia s.r.o. Business Center, II Blok E, 5. posch, Prievozska 4, 821 09 Bratislava, Slovak Republic