Data-Security and Protection
Compliance with stringent data protection standards is a basic prerequisite for the A1 Group. It ensures the trust of customers in the Group. The A1 Group strictly adheres to the current legal framework in the area of data protection and information security.
Personal data is processed in accordance with the General Data Protection Regulation of the European Union (GDPR) and national data protection laws, as well as with specific provisions of national telecommunications laws. In the event of a breach of the protection of personal data, a report is made to the data protection authority as required by law and the persons affected are informed of this event.
Data of customers, employees, shareholders, suppliers, and sales partners of the A1 Group will only be passed on to third parties if there is a legal basis for doing so. In the event of requests for the transfer of data by courts, public prosecutors, police, or other authorities, these are checked for their legality. Only in the case of a legally compliant request will data be passed on in accordance with legal and regulatory requirements. If necessary, the data subjects are informed about this process in accordance with the legal requirements.
In addition to legal requirements, all subsidiaries of the A1 Group are obliged to comply with the information security standards created for this purpose as well as other country-specific data protection guidelines. Almost all companies in the A1 Group already comply with the ISO 27001 standard, and the management systems are regularly evaluated. For example, the ISO certifications are reviewed annually. Adaptations are also made during the year if necessary.
The network operators of the A1 Group are part of the critical infrastructure in all countries. The Group is aware of the special responsibility that this entails. For this reason, the company is committed to initiatives that go beyond what is required by law in order to constantly improve security and availability. In November 2021, A1 Croatia opened a new data center in Zagreb. It is the most modern one in the region, meeting the requirements of Tier III (classification of data centers, divided into 4 Data Center Tiers) and withstanding earthquakes up to magnitude 9 on the Richter scale. The A1 Group is particularly committed to cybersecurity. Particular attention is also paid to promoting young talent in the field of cybersecurity. Every year, vocational trainees are given the opportunity to experience the challenges of a critical infrastructure operation in practice.