Information security and data privacy

Information security and data privacy are crucial for us, for our customers, for our partners and for our employees. Our continuous commitment to provide a safe and secure information environment and data privacy for all is embedded in our organisational DNA and in the personal values of all our employees. Telekom Romania makes sure that all data and information in its possession are processed purely for their intended purpose and are protected from misuse.

Our shared information security and data privacy framework is based on the following elements:

  • Specific policies and safety standards, which cover areas such as: IT/NT Security, Information Security and Data Protection;
  • Binding Corporate Rules: Privacy within the DT Group. The new “Binding Corporate Data Privacy Rules” cover the legal requirements for the exchange of personal data both within the Deutsche Telekom Group and outside the OTE Group. They contain the applicable minimum requirements under European legislation on the adequate protection of personal data. They have been applied within Deutsche Telekom as of December 2013 and entered into force within Telekom Romania as of December 2015.

Telekom Romania Communications (formerly Romtelecom) was the first telecommunications company in Romania to be certified to ISO 27001, starting in 2006, in significant aspects of the business.
Telekom Romania Mobile Communications (formerly Cosmote) has been certified to ISO 27001 since 2013. In 2015 TUV Hellas certified our Information Security Management System based on ISO 27001.

Today 396 million internet users in the EU generate personal data in social networks, games, search engines, online commerce and other such services. Such data, for example name, sex, IP address and personal preferences, are considered personal data under the applicable data protection legislation.

As part of the OTE and DT framework programs, but also based on the specific needs and requirements of our local systems architecture, during the reporting period Telekom Romania carried out a series of measures and projects to improve the safety and security of data protection systems:

  • 4,176 employees were trained in 2015 on information security aspects;
  • Since 2015 we have also asked for our subcontractors to be trained on information security aspects, and we have provided them with materials for this purpose, tailored to our needs;
  • Moreover, we run periodic awareness campaigns on current information security issues;
  • We are testing tens of applications for vulnerabilities and misconfigurations, both those created by us and those belonging to our partners; we are also testing the CPE (customer premises equipment) that we provide to our customers;
  • We contractually require our partners and suppliers to implement high information security standards compatible with ours, and we impose information security in all new applications and products; we are also testing their implementation before production.

Protecting personal data belonging to customers increases their confidence in the company and earns it the title of reliable player on the relevant market. Compromising data security could have severe effects on the economic activity and growth rate of a company. A company in such a situation can expect the loss of a significant number of customers, costly litigation and grave administrative fines, all accompanied by a loss of reputation that will require the payment of considerable amounts to rebuild.

Ensuring data security and the technical conditions for processing data in as safe an environment as possible are equally important; therefore we periodically train our employees who handle personal data.

During 2015 we received 3 external complaints regarding data privacy, out of which 2 were determined as noncompliant with national regulation and resulted in a total financial penalty of 7,778 EURO.

Business continuity is as important as information security and data privacy in order to be able to offer seamless communication with minimum interruption and damage to human lives, material assets and the environment. Our Business Continuity Management System, based on ISO 22301, has been certified by TUV Hellas since 2014 for our companies. The aim of the Business Continuity Management System, in response to a significant disruption (whether actual or impending), will always be to:

  • Ensure the safety of the Company’s employees and other occupants or visitors within the buildings;
  • Endeavour to meet our obligations to employees, customers, shareholders and other interested parties;
  • Minimize disruption to our customers and protect and preserve our assets and reputation;
  • Facilitate a return to normal operations as soon as practicable;
  • Stay in business.

The key objectives of Telekom Romania’s Business Continuity Management System are to:

  • Ensure the availability of the company’s products, services and key business functions in line with key stakeholders’ expectations, considering business objectives.
  • Maintain the organization’s certification as a prerequisite for auctions or contracts, as well as to ensure a good reputation on the market.

We are continuously developing our internal competences and knowledge, and we support our employees in understanding and applying the specific data security and privacy requirements, as well as business continuity requirements, by continuously developing awareness-raising and training programmes.

In 2015 we implemented activities such as:

  • Useful information relevant to physical security, information security and business continuity, included in the introductory training of all new employees.
  • E-learning and classroom training courses on data protection and safeguarding the privacy of communications, in which a total of 1,541 employees participated.
  • Business Continuity relevant information for major disasters such as earthquakes and e-learning courses for more general purposes.