- Energy & Utilities
- Data Mapping Automation
- PIA & DPIA Automation
- Cookie Consent
Alpiq Group Powers Global Privacy Compliance with OneTrust
Alpiq is a leading Swiss energy services provider and electricity producer in Europe. Alpiq offers comprehensive and efficient services in the fields of energy generation and marketing as well as energy optimization and electromobility.
Alpiq has been generating climate-friendly and sustainable electricity from carbon-free Swiss hydropower for more than a hundred years. Its power plant portfolio also comprises shares in two Swiss nuclear power plants as well as flexible thermal power plants, wind farms and photovoltaic systems in Europe. As an international energy trader, Alpiq is active on all major European markets. Thanks to digital tools, Alpiq optimize electricity generation and consumption as well as the energy flow between producers, prosumers and consumers in order to stabilize the electricity grids.
The Alpiq Group is headquartered in Lausanne and has approximately 1,290 employees across 70 legal entities in 30 jurisdictions. This expansive structure requires Alpiq to flexibly market and manage cross-border trading in an efficient manner with privacy compliance at the forefront of their project initiatives. Even before the passage of the GDPR, Alpiq’s privacy team understood the importance of protecting the personal data they process, but with the regulation going into effect, they required a more comprehensive program that includes a technology solution to manage operations.
Igniting a Culture of Privacy as a Priority
Establishing a culture where privacy is a cornerstone of daily operations was a major factor in Alpiq’s GDPR and privacy implementation plan.
Legally, process-wise, organizationally and technically speaking, privacy and personal data protection needs must be included in every aspect of a company today.Frank WimmerGroup Data Privacy Officer
To accomplish this culture of privacy as a priority, Wimmer set up an internal governance body of around 20 privacy champions, called Local Privacy Partners (LPPs), across Europe. These designated LPPs are responsible for raising awareness of Alpiq’s privacy policies and staying involved in companywide operations to ensure privacy is embedded into every aspect of the (local) business. Additionally, LPPs meet in-person at an annual LPP Day to join forces, share best practices and discuss tips for ongoing compliance.
Our customers and employees are very aware of data protection rights and requirements since the GDPR went into effect. Without a solid foundation of trust as well as Privacy by Design and Default, we will not be able to continue offering services in new and innovative ways.Frank WimmerGroup Data Protection Officer
The GDPR didn’t change the fundamentals of our data protection operations substantially, but it did require us step back and re-evaluate our past processes. Early on it became crystal clear that we needed a technology platform that serves as a repository for data protection operations.Frank WimmerGroup Data Protection Officer
Energizing GDPR and Privacy Compliance with OneTrust
As a company with a wide European reach, Alpiq needed an easy-to-use, modern and cloud-based tool with multilingual capabilities. The company evaluated several privacy management software solutions on the market and landed on OneTrust for its flexibility and impressive reputation.
When we started looking at privacy management tools, OneTrust stood out as the most sophisticated platform with a reputation that was quickly growing in an early market. As OneTrust continues to improve their platform capabilities, their strategic direction reassures us that we made the right decision in trusting them to automate our growing privacy program.”Frank WimmerGroup Data Protection Officer
There’s almost no processing that occurs in this company without personal data, so each of these modules have been critical in restructuring our program for GDPR compliance.Frank WinnerGroup Data Protection Officer
Sparking a Journey of Continuous Improvement
When evaluating their ongoing GDPR strategy, Alpiq is focused on fine-tuning the many different aspects of their privacy program. “Without a stable culture of privacy, it’s much harder to adapt to the shifting regulatory environment,” said Wimmer. “Module-by-module, OneTrust is helping our employees become more aware of the personal data they process and better understand their privacy responsibilities.”
Looking ahead, the Alpiq team is also focused on the Switzerland Federal Data Protection Act which is being discussed in Parliament and expected to come into effect beginning of 2020.
As the company continues to account for new privacy laws, they’ve begun evaluating OneTrust’s Incident and Breach Response solution. With Incident and Breach Response, Alpiq can build context-aware automated workflows that help their organization rapidly respond to incidents and enhance breach notification decision-making.
With OneTrust, Alpiq knows they have partnered with an industry-leading platform that will continue to improve while supporting their unique privacy program needs.