Data protection Secure IT and GDPR compliant storage
alt text
GRI 418: Protection of customer data UN Sustainable Development Goals (SDGs), No. 9: Industry, Innovation and Infrastructure

Data protection is a widely discussed societal issue that is becoming increasingly important as digitalisation advances. The EU General Data Protection Regulation (GDPR), which regulates the careful handling of personal data, has been in force since 2018. There have never been any complaint proceedings or breaches of data protection at EVVA.


Preventive measures

Our company takes numerous preventive measures to ensure data protection for customers, employees and other stakeholders:

  • Two in-house data protection coordinators (from IT and the legal department) well as an external data protection officer
     
  • Customer and production orders are always separated from each other as a result of confidentiality agreements with customers.
     
  • All security-relevant and personal data is of course stored at EVVA in compliance with GDPR
     
  • The "Data protection declaration for EVVA employees" – updated and introduced as per GDPR at the beginning of 2018 – informs all employees about not only their data protection rights, but also about their obligations to safeguard the rights of others such as customers. In addition, data protection training has been and will be held. The EVVA Legal Department also prepares a "Data Protection Guideline for Employees" that clearly explains the basic concepts of data protection law (e.g. what personal data is) and recommends courses of action
     
  • The applicant management system ensures that the data of all applicants at EVVA is used in compliance with the guidelines  
  • Illustration of a secure smartphone connection Our electronic access system AirKey complied fully with these requirements long before 2018, when the GDPR first became legally binding. AirKey is of particular interest to customers who want to control access via their smartphone and do not have or do not want to set up their own IT infrastructure. Authorisation data is stored in EVVA’s own data centre. EVVA encryption methods (double encryption via ECDSA and AES) are among the most secure in the world 

  • All data is stored in the EVVA data centre according to high legal security standards anonymously and multiple fail-safe in different server rooms. This protects the digital keys much better than would be possible with a single individual protection measure
     
  • Secure data transfer between Internet browser and the EVVA computer centre takes place via a protected https connection – which is as secure as online banking.
     
  • Additional certified secure elements (= highly secure storage elements that actively encrypt and decrypt) can be found in the locking components and identification media
     

Challenges:

Just as conventional burglars constantly put tried-and-tested security solutions to the test, leading manufacturers such as EVVA are constantly developing innovative access systems, so every company must also prepare for a sharp rise in cyber criminality.

  • In recent years, the risk of cybercriminals introducing potentially dangerous viruses/Trojans into companies has increased. EVVA has also experienced such attacks (e.g. they were disguised as invoices), however all of them could be blocked successfully. EVVA IT has implemented corresponding protection mechanisms. It also informs employees on an ongoing basis about cyber-crime methods and explains, for example, how to identify suspicious e-mails
     
  • EVVA has created a uniform IT infrastructure at all locations to avoid the need for interface-intensive individual solutions (more information under Digitalisation). In addition, there are fixed update/upgrade cycles for all security-relevant systems and firewalls.
     
  • EVVA simulates hacker attacks in coordination with external IT partners in order to detect potential security gaps. EVVA performs these simulations on a regular basis. EVVA also uses separate networks to prevent attacks
Our targets

Fulfilment date: ongoing until 2024

How: IT security is a never-ending process. EVVA has therefore decided on further implementation packages to ensure the highest level of protection (firewalls, anti-malware, separation of network segments, etc.) and recurring data protection training for employees.

Positive effects: Regularly raise awareness about data protection among employees; comprehensive security measures against cyber crime.

We are here for you
Mon - Thu: 7:30 am - 4:30 pm
Fri: 7:30 am - 2:00 pm


+43 1 811 65-0
Use the contact form or directly write to us at
export(at)evva.com