Alpiq Group

Alpiq Group powers global privacy compliance with OneTrust

rows of solar panels

Alpiq is a leading Swiss energy services provider and electricity producer in Europe. Alpiq offers comprehensive and efficient services in the fields of energy generation and marketing as well as energy optimization and electromobility.

Alpiq has been generating climate-friendly and sustainable electricity from carbon-free Swiss hydropower for more than a hundred years. Its power plant portfolio also comprises shares in two Swiss nuclear power plants as well as flexible thermal power plants, wind farms and photovoltaic systems in Europe. As an international energy trader, Alpiq is active on all major European markets. Thanks to digital tools, Alpiq optimize electricity generation and consumption as well as the energy flow between producers, prosumers and consumers in order to stabilize the electricity grids.

The Alpiq Group is headquartered in Lausanne and has approximately 1,290 employees across 70 legal entities in 30 jurisdictions. This expansive structure requires Alpiq to flexibly market and manage cross-border trading in an efficient manner with privacy compliance at the forefront of their project initiatives. Even before the passage of the GDPR, Alpiq’s privacy team understood the importance of protecting the personal data they process, but with the regulation going into effect, they required a more comprehensive program that includes a technology solution to manage operations.


Igniting a culture of privacy as a priority

Establishing a culture where privacy is a cornerstone of daily operations was a major factor in Alpiq’s GDPR and privacy implementation plan.


"Legally, process-wise, organizationally and technically speaking, privacy and personal data protection needs must be included in every aspect of a company today."


Frank Wimmer, Group Data Privacy Officer

To accomplish this culture of privacy as a priority, Wimmer set up an internal governance body of around 20 privacy champions, called Local Privacy Partners (LPPs), across Europe. These designated LPPs are responsible for raising awareness of Alpiq’s privacy policies and staying involved in companywide operations to ensure privacy is embedded into every aspect of the (local) business. Additionally, LPPs meet in-person at an annual LPP Day to join forces, share best practices and discuss tips for ongoing compliance.

"Our customers and employees are very aware of data protection rights and requirements since the GDPR went into effect. Without a solid foundation of trust as well as Privacy by Design and Default, we will not be able to continue offering services in new and innovative ways."


Frank Wimmer, Group Data Protection Officer

Alpiq’s journey to GDPR compliance began with their privacy policy, which also serves as their approval and basis for their operations. The company’s strategic approach was to research and implement a technology platform that not only embeds this policy and global regulations within it but enables LPPs to efficiently carry out their responsibilities in a roles-based and centralized database.

"The GDPR didn’t change the fundamentals of our data protection operations substantially, but it did require us step back and re-evaluate our past processes. Early on it became crystal clear that we needed a technology platform that serves as a repository for data protection operations."


Frank Wimmer, Group Data Protection Officer

Energizing GDPR and privacy compliance with OneTrust

As a company with a wide European reach, Alpiq needed an easy-to-use, modern and cloud-based tool with multilingual capabilities. The company evaluated several privacy management software solutions on the market and landed on OneTrust for its flexibility and impressive reputation.

"When we started looking at privacy management tools, OneTrust stood out as the most sophisticated platform with a reputation that was quickly growing in an early market. As OneTrust continues to improve their platform capabilities, their strategic direction reassures us that we made the right decision in trusting them to automate our growing privacy program.”


Frank Wimmer, Group Data Protection Officer

Before OneTrust, Alpiq was conducting data mapping, assessment automation, data subject rights management and cookie compliance as disjointed processes. Now, with OneTrust Assessment Automation (PIAs/DPIAs), they can customize privacy assessment questionnaires while the Data Mapping Automation maps a complete record of their data protection activities. With OneTrust’s Data Subject Rights Management module, Alpiq manages subject rights requests in a central roles-based access dashboard. Additionally, Alpiq can automatically scan their websites for cookies, create an on-brand cookie consent banner and preference center, and auto-generate a cookie list as part of their GDPR-compliant privacy policy with OneTrust’s Cookie Consent & Website Scanning module.

"There’s almost no processing that occurs in this company without personal data, so each of these modules have been critical in restructuring our program for GDPR compliance."


Frank Winner, Group Data Protection Officer

Sparking a journey of continuous improvement

When evaluating their ongoing GDPR strategy, Alpiq is focused on fine-tuning the many different aspects of their privacy program. “Without a stable culture of privacy, it’s much harder to adapt to the shifting regulatory environment,” said Wimmer. “Module-by-module, OneTrust is helping our employees become more aware of the personal data they process and better understand their privacy responsibilities.”

Looking ahead, the Alpiq team is also focused on the Switzerland Federal Data Protection Act which is being discussed in Parliament and expected to come into effect beginning of 2020.

As the company continues to account for new privacy laws, they’ve begun evaluating OneTrust’s Incident and Breach Response solution. With Incident and Breach Response, Alpiq can build context-aware automated workflows that help their organization rapidly respond to incidents and enhance breach notification decision-making.

With OneTrust, Alpiq knows they have partnered with an industry-leading platform that will continue to improve while supporting their unique privacy program needs.

You may also like


Privacy Management

Managing data transfers within the UK & EU

Join our experts as we discuss ways to effectively manage data transfers between the UK & EU while staying compliant with the latest privacy regulations.

October 31, 2023

Learn more


Data Discovery & Security

A guided tour of OneTrust Data Discovery magic

Our expert speaker will demonstrate how common real-world data challenges can be identified, addressed, and reported on, leading to better data governance, security, and alignment with business goals. 

October 26, 2023

Learn more


Data Discovery & Security

Data minimization and risk assessment in data discovery

Explore the concept of data minimization and its crucial role in enhancing security, privacy, and reducing risk.

October 19, 2023

Learn more