Data privacy and security

Data protection in the digital age

For DNV GL, data security is a natural extension of our purpose within the digital age – ‘to safeguard life, property and the environment.

Why it matters

DNV GL is a strong advocate for digital technology. We believe in harnessing its benefits to improve how we operate and to make a difference to our customers and wider society. At the same time, there are clear risks to be managed relating to cyber-crime and data protection, and these are high priorities for our stakeholders. For DNV GL, data security is a natural extension of our purpose within the digital age – ‘to safeguard life, property and the environment’.

To mitigate digital and data risks we focus on ensuring our own cyber security and using our skills to help customers do the same. Alongside digital security, our data protection management system works to protect the right to privacy of our employees, customers, suppliers and business partners in line with the European General Data Protection Regulation (GDPR).

Progress in 2019

In March 2019, we set a heightened state of IT security and activated our Computer Emergency Response Team as a precautionary measure due to a ransomware attack on a large Norwegian enterprise, a customer of DNV GL. After three days we restored normal IT security levels. During the period of heightened security, we quarantined all e-mails from the customer and enabled Safe Links capabilities in our software to validate the safety of website links before end-users could open the webpage. We also ensured that all VerIT computers connected to the DNV GL IT platform had up-to-date antivirus and that the computers were patched properly.

Open All Close All

Looking ahead

Data privacy remains an essential part of ensuring legal compliance. We maintain our understanding of the data protection landscape through our data protection network, external train-ing, legal advice and monitoring cases raised by data protection authorities in the countries and regions where we operate.

In Brazil, a new personal data protection law, very similar to GDPR, will come into force in August 2020. This reflects a growing global trend of countries establishing national data protection laws. Before the deadline in Brazil, Group Compliance will support the local implementation team to ensure a smooth transition to compliance with the new requirements.

Continuing the risk assessment started in 2019, we will focus our attention in 2020 on the areas of high risk for data subjects that we have identified. These include lifecycle management of applications from launch to end-of-life, roles and responsibilities linked to personal data, and unstructured data outside of production systems, such as SharePoint or Excel applications. We will also continue to focus on emerging financial or reputa-tional risks related to data protection identified through our risk assessments.

Internally, we will ensure we maintain high awareness of cyber security and data protection issues and our approach.

Approach

Open All Close All
;