To accomplish this culture of privacy as a priority, Wimmer set up an internal governance body of around 20 privacy champions, called Local Privacy Partners (LPPs), across Europe. These designated LPPs are responsible for raising awareness of Alpiq’s privacy policies and staying involved in companywide operations to ensure privacy is embedded into every aspect of the (local) business. Additionally, LPPs meet in-person at an annual LPP Day to join forces, share best practices and discuss tips for ongoing compliance.

Alpiq’s journey to GDPR compliance began with their privacy policy, which also serves as their approval and basis for their operations. The company’s strategic approach was to research and implement a technology platform that not only embeds this policy and global regulations within it but enables LPPs to efficiently carry out their responsibilities in a roles-based and centralized database.

Energizing GDPR and privacy compliance with OneTrust

As a company with a wide European reach, Alpiq needed an easy-to-use, modern and cloud-based tool with multilingual capabilities. The company evaluated several privacy management software solutions on the market and landed on OneTrust for its flexibility and impressive reputation.

Before OneTrust, Alpiq was conducting data mapping, assessment automation, data subject rights management and cookie compliance as disjointed processes. Now, with OneTrust Assessment Automation (PIAs/DPIAs), they can customize privacy assessment questionnaires while the Data Mapping Automation maps a complete record of their data protection activities. With OneTrust’s Data Subject Rights Management module, Alpiq manages subject rights requests in a central roles-based access dashboard. Additionally, Alpiq can automatically scan their websites for cookies, create an on-brand cookie consent banner and preference center, and auto-generate a cookie list as part of their GDPR-compliant privacy policy with OneTrust’s Cookie Consent & Website Scanning module.

Sparking a journey of continuous improvement

When evaluating their ongoing GDPR strategy, Alpiq is focused on fine-tuning the many different aspects of their privacy program. “Without a stable culture of privacy, it’s much harder to adapt to the shifting regulatory environment,” said Wimmer. “Module-by-module, OneTrust is helping our employees become more aware of the personal data they process and better understand their privacy responsibilities.”

Looking ahead, the Alpiq team is also focused on the Switzerland Federal Data Protection Act which is being discussed in Parliament and expected to come into effect beginning of 2020.

As the company continues to account for new privacy laws, they’ve begun evaluating OneTrust’s Incident and Breach Response solution. With Incident and Breach Response, Alpiq can build context-aware automated workflows that help their organization rapidly respond to incidents and enhance breach notification decision-making.

With OneTrust, Alpiq knows they have partnered with an industry-leading platform that will continue to improve while supporting their unique privacy program needs.