Customer Privacy

6 min

As a technology-oriented company, we place great importance on safeguarding our customers’ rights to privacy and security.

Why it matters

Customers and business partners place a great deal of trust in dormakaba as a premium partner for access and security solutions. dormakaba takes the protection of data and information very seriously. Abuse and misuse of data and information can lead to major tangible and intangible damage due to, for example, relevant information being unavailable, rendered unusable or incorrect, or – in the worst-case scenario – made available or accessible to a malicious third party.

Key activities

Safeguarding our customers’ rights to data protection and privacy includes obtaining data by lawful and fair means, protecting the personal data of customers by adequate information security safeguards and using customer data in sales responsibly. dormakaba also considers the proliferation of new technologies and security risks because we understand we have a responsibility to protect sensitive information against unauthorized access, loss or falsification. We place a strong focus on:

Considering all information and data available within dormakaba, we pursue the following security aims:

The dormakaba Group Data Protection Officer, in cooperation with the Group Information Security Manager, oversees our approach to customer privacy.

Information Security Management System at the core

To meet our security aims, senior management introduced an Information Security Management System (ISMS) in line with best practice in the industry. Our Chief Technology Officer (CTO) also acts as the Chief Information Security Officer (CISO) within the ISMS. This management system is based on the international ISO/IEC standard 27001:2013, the most recognized standard in the field. Certification to the standard is planned in the financial year 2019/20. As outlined in the Group Directive Information Security, the goal of the ISMS is to achieve and maintain an adequate security level by leveraging risk management methods, continuous improvement and best practices – all adjusted to our needs. The risk management included in the ISMS is used to identify, assess and treat risks adequately.

Reporting to the CISO, the Group Information Security Manager is responsible for anticipating and assessing new threats related to information security risks. They are also responsible for implementing the necessary security levels for dormakaba, as defined by the Security Board in accordance to its Charter. Additionally, Information Security Coordinators (ISC) are responsible for the implementation of the ISMS within an assigned segment or Group function, and for providing support during security audits.

EU General Data Protection Regulation (GDPR)

In the financial years 2017/18 and 2018/19, we focused on aligning internal compliance processes to the new EU General Data Protection Regulation (GDPR). The GDPR aims primarily to give control to citizens and residents over their personal data, bringing with it a new set of "digital rights" for EU citizens at a time when the digital economy places increasing economic value on personal data.

We have set ourselves three objectives:

Raising employee awareness

We are aware that technological advances in IT security cannot always guarantee the security of the entire business environment, as human behavior can affect information security and the associated risks. Phishing and other social engineering techniques use the human risk factor. In 2019, the trend has continued for such attacks. Attackers are even using technologies such as artificial intelligence to develop their attack scenarios and make fraudulent e-mails and messages appear more real to the victim.

However, people can learn to deal with risks in a professional and smart way. Raising employee awareness of information security risks is a continuous process that, if done correctly, turns the root of the problem into part of the solution. With our information security training programs, in which all our employees must participate, we not only train our employees to recognize suspicious messages, phone calls, and other social engineering tactics; we are also building a culture of cyber security that enables us to manage our risks in a targeted and effective way.

Our performance

The financial year 2018/19 has been marked by the development of frameworks for Cyber Risk Management, the implementation of a highly professional security operations center with a focus on threat detection and response, and the mitigation of information security risks through Group-wide security training in order to strengthen employee awareness.

As part of the GDPR implementation project, many new processes and templates were rolled out across our European facilities. We maintain records of data processing activities in accordance with the regulation, having implemented the required procedures, such as amending the privacy policy and declaration, and ensuring proper data processing by 3rd parties (processors). Employees are comprehensively involved, and information regarding the central data protection management system is made available to them. The challenge now is to anchor the data protection organization firmly across the Group.

There have been no reported incidents nor substantiated complaints concerning breaches of customer privacy or losses of customer data within the financial year 2018/19.


Now that we have established the foundation of our ISMS, we plan to further expand its capacity to achieve our long-term goals and protect our customers data and information. As regards data protection, employees will be provided with a basic data protection eLearning training in autumn 2019.

Ensuring connectivity while securing data

An interview with Andreas Robbert, dormakaba Information Security Officer

For a long time, the trend has been toward internet-based solutions and contactless access media, which are an ideal complement to traditional mechanical keys to access rooms. The use of smartphones is becoming increasingly important too in applications such as accessing hotel rooms. Clearly this brings additional customer benefits, but data security and data protection are the crucial issues. How do you see the connection of data privacy to the two dormakaba values Customer First and Trust?

Trust is not only our brand promise but also a key value in the area of information security and the protection of private data. What our customers expect from us is fully in line with our plans to operate an ISMS that will make our environment, and thus our products, safer and more reliable. With the increasing importance of data protection within the framework of the GDPR, we were already on the right track. For us, data protection is not an additional burden, but an opportunity – an opportunity to strengthen our products and our brand and thus prepare our customers for the future.

Where do you see the biggest challenges related to customer privacy? How has the General Data Protection Regulation impacted the company’s work?
We need to prepare for GDPR-like regulations. Other countries outside the EU already have their own regulations or laws, which sometimes orient themselves toward the GDPR or away from it. Therefore, it is crucial that we consider our information security and data protection management systems under these aspects as well, and in areas that are important to our business. This work is vital to ensuring we meet our compliance obligations and to improving the awareness of our employees.

Where do you see opportunities for dormakaba in the area of technology-driven growth, e.g. Internet of Things and connected security products?
Our mission is to make access in life smart and secure. We are confident that building management will evolve from on-premise systems to connected, on-demand, and cloud-based solutions. This should create more efficient possibilities for the operation of buildings and also facilitate integration with partners who complement our offerings, e.g. integration of video, alarm or building control systems. We have created the basis for offering data-centric services such as descriptive, predictive and prescriptive services that complement our current product offering. With all of these new developments, it is very important to us that we remain focused on data protection and information security.

Occupational Health & SafetyFocus Area People

This website uses cookies to ensure you get the best experience on our website.

You are using an outdated browser. Please update your browser to view this website correctly: