Data privacy and security

Cyber security in the digital age

For DNV GL, data security is a natural extension of our purpose for the digital age – to protect life, property and the environment.

Why it matters

The internet age has been characterized by exponential growth in digital data. Alongside the benefits of digital technology, we have also witnessed a significant rise in cyber-security threats and data breaches around the world. It is clear that the need to ‘protect customers’, corporate and individuals’ digital data is more important than ever. As a result, our clear focus is on enhancing our own cyber security while also helping our customers to do the same. 

For DNV GL, data security is a natural extension of our purpose for the digital age – to protect life, property and the environment.

We have invested significantly in our data protection management system, which aims to protect our employees’, customers’, suppliers’ and business partners’ right to privacy in line with the new European General Data Protection Regulation (GDPR).

Progress in 2018

During the year, we aligned our existing data protection programme to the requirements of the General Data Protection Regulation (GDPR) to comply with new European legislation introduced in May 2018. Existing policies, internal structures and training materials have been updated to reflect the new requirements, including data subject rights to access, rectification, erasure and portability of data, and breach notification mechanisms. Data processing activities have been placed in a common register, providing a proper overview on all processes in DNV GL that cover personal data management.

Our customer-facing IT platforms are developed with the ‘privacy by design’ principle in mind, in accordance with the requirements of GDPR. We have also updated our privacy statement on the DNV GL website and our industry data platform, Veracity.

During 2018, we reviewed and updated our existing e-learning and express training on personal data protection in line with GDPR. The training is available to all employees and a requirement for those that handle data as part of their daily work, such as employees working in human resources and IT. We achieved a 95% completion rate by the end of the year.

During 2018, the Group Compliance team worked closely with the Global Data Protection Officer on implementation measures and raising general awareness of the new regulation. 

Looking ahead

Recognizing the ever-changing landscape related to digital assets, we will continue to provide training and communicate widely on privacy and data ethics. Ensuring a high level of awareness around the business is essential to success and a key area of focus will be on local implementation of our processes.

We will continue to monitor the legal interpretation of GPDR and local practices related to data protection and take appropriate measures to adjust to any changes. All business areas, Group functions and Global Shared Services have nominated individuals to work together closely on any additional measures required to achieve complete compliance with GDPR.

Open All Close All


Open All Close All