This data ethics policy describes how Data & More ApS handles data and data ethics. Data Ethics is part of Data & More’s desire for ongoing compliance with legislation as well as acting professionally, ethically, and correctly. Data & More is audited annually and is certified in ISAE 3402, ISAE 3000. In addition, Data & More is in the process of being approved by the Danish compliance certification D-Mærket (D-Seal). We furthermore maintain a high level of training and certification of our employees within Cyber Security and GDPR
1 Introduction
For Data & More, it is essential that our customers, suppliers, and business partners can trust us and be comfortable with our handling of data. That is why we are dedicated to protecting data in three ways:
- We are focused on assessing risks, countering these through measures and thus maintaining a high level of information security.
- We are focused on always complying with the rules of personal data law and the registered rights when we process data.
- We have established internal ethical rules to ensure that, both from individual perspective and society, we can best preserve the trust we have been given by our partners, suppliers, customers and employees when we process data.
This policy applies to all processing in Data & More. The policy applies to personal data as well as other data. In addition, the policy also applies to the processing of the business partners and suppliers, to the extent that we can influence these. Finally, the policy also applies to all technologies and processes under our influence.
2 Data Ethical principles
The following principles form the basis for Data & More’s responsible processing of data and supplement the security and personal data law measures we have already established and adhere to:
2.1 Dedication to data ethics
The management has appointed a person responsible for data ethics, and a panel has been set up to make data-ethical assessments.
Management takes the lead and helps to ensure that the principles are integrated into daily work.
The management also ensures that a data ethics policy has been made and approved, and that it is balanced against Data & More’s other interests.
2.2 Responsibility for data processing
Data & More takes responsibility for processing data. Therefore, it is ensured that the processing of collaboration partners’ data only takes place when necessary and for clearly defined purposes.
Data is mapped and in accordance with laws, regulations and conventions, so that risks of unintended consequences when using data are reduced as much as possible.
2.3 Guidelines for control of third-party data processing
It must be ensured that IT suppliers act under instructions and have the right level of security to handle data.
The IT supplier must ensure ethical data processing and have a data policy.
Data is not sold – and is only passed on if there is a legal obligation to do so according to Danish act of law.
Any new IT supplier must be assessed based on these data ethical principles.
2.4 Value, transparency and security for customers
Data is used to create value for customers, so that they effectively get access to the right solutions and information.
Transparency is designed into the solutions, so that customers have direct insight into data about them to the greatest extent possible, and the treatments that are carried out, so that customers can be confident that data is protected in the best possible way.
2.5 Employees are trained and data processing is being controlled regulary
All relevant employees must have the opportunity and obligation to receive training in data ethics annually.
3. Revision
This policy is reviewed and approved at least once a year by Data & More’s management.
Compliance with this policy is assessed based on management’s approved controls. The policy forms the basis for the data ethics statement in connection with the management report in the annual report.