Data protection
Secure IT and GDPR compliant storage
GRI 418: Protection of customer data
UN Sustainable Development Goals (SDGs), No. 9: Industry, Innovation and Infrastructure

Data protection is a widely discussed societal issue that is becoming increasingly important as digitalisation advances. The EU General Data Protection Regulation (GDPR), which regulates the careful handling of personal data, has been in force since 2018. There have never been any complaint proceedings or breaches of data protection at EVVA, including in the reporting period.


Preventive measures

Our company takes numerous preventive measures to ensure data protection for customers, employees and other stakeholders:

  • Two in-house data protection coordinators (from IT and the legal department) as well as an external data protection officer
     
  • Customer and production orders are always separated from each other as a result of confidentiality agreements with customers.
     
  • All security-relevant and personal data is of course stored at EVVA in compliance with GDPR
     
  • The "Data protection declaration for EVVA employees" – updated and introduced as per GDPR at the beginning of 2018 – informs all employees about not only their data protection rights, but also about their obligations to safeguard the rights of others such as customers.
     
  • In addition, data protection trainings have been and are being held on an ongoing basis. The EVVA Legal Department has prepared a "Data Protection Guideline for Employees" in the reporting period that clearly explains the basic concepts of data protection law (e.g. what personal data is) and recommends courses of action. Why is data protection important? Who is liable for violations? What should I do in the event of a possible violation of data protection? What are my rights and obligations? The new guideline answers these questions. It is the companion for data protection compliant behavior
     
  • The applicant management system ensures that the data of all applicants at EVVA is used in compliance with the guidelines  
  • Our electronic access system AirKey complied fully with these requirements long before 2018, when the GDPR first became legally binding. AirKey is of particular interest to customers who want to control access via their smartphone and do not have or do not want to set up their own IT infrastructure. Authorisation data is stored in an ISO27001 certified computer centre. EVVA encryption methods (double encryption via ECDSA and AES) are among the most secure in the world

  • Data is stored anonymously in the EVVA data centre in accordance with high legal security standards, with multiple fail-safes in different server rooms. This protects the digital keys much better than would be possible with a single individual protection measure
     
  • Secure data transfer between the Internet browser and the EVVA computer centre takes place via a protected HTTPS connection – which is as secure as online banking.
     
  • Additional certified secure elements (= highly secure storage elements that actively encrypt and decrypt) can be found in the locking components and identification media
     
  • Block dangers early. EVVA has been using an AI program that checks, when a website is called up, which servers in which countries its links forward to, and whether it poses a threat. This decides whether this website may be accessed or not. The expanded spam protection for e-mails installed at EVVA also falls into this category. The tool checks where the links in the e-mails point to. Am I being redirected to an insecure site? This extra spam protection has already been proven to prevent phishing mails
     

Challenges:

Just as conventional burglars constantly put tried-and-tested security solutions to the test and leading manufacturers such as EVVA constantly develop innovative access systems, every company must also prepare for a sharp rise in cybercrime.

  • In recent years, the risk of cybercriminals introducing potentially dangerous viruses/Trojans into companies has increased. EVVA has also experienced such attacks (e.g. they were disguised as invoices); however, all of them were blocked successfully. EVVA IT has implemented corresponding protection mechanisms. It also informs employees on an ongoing basis about cybercrime methods and explains, for example, how to identify suspicious e-mails
     
  • EVVA has created a uniform IT infrastructure at all locations to avoid the need for interface-intensive individual solutions (more information under Digitalisation). In addition, there are fixed update/upgrade cycles for all security-relevant systems and firewalls.
     
  • EVVA simulates hacker attacks in coordination with external IT partners in order to detect potential security gaps. EVVA performs these simulations on a regular basis. EVVA also uses separate networks to prevent attacks
     
  • Since 2021, EVVA has implemented a new security system that further minimizes the risk of cyber attacks. A protective screen controls Internet communication even before data is loaded into the network. An AI checks all links and behavior. Is it a phishing site? Is an existing malware trying to communicate with a home server? That and much more is constantly checked

Our targets

Fulfilment date: ongoing until 2024

How: IT security is a never-ending process. EVVA has therefore decided on further implementation packages to ensure the highest level of protection (firewalls, anti-malware, separation of network segments, etc.) and recurring data protection training for employees.

Positive effects: Regularly raise awareness about data protection among employees; comprehensive security measures against cyber crime.
