Raiffeisen Bank International | Sustainability Report 2018
Considering the requirements and concerns of our customers also plays an important role for our company in the
design, sale and use of our products and services. The security of our products and the security of our customers
are both of central concern to us. Along with access to relevant information regarding products and services, this
includes the verifiability of claims, explanations of the possible risks associated with products or services and
appropriate information, e.g. on risk reduction. For example, the economic feasibility of loan repayment is carefully
explained to the customer (see also “Responsible lending” on page 54). Where possible, we also inform customers
about the sustainability aspects of our products. We carefully check any complaints which are brought to us and
respond as soon as possible. We also strive to provide comprehensive barrier-free access to our financial services
for disabled persons. Protecting customer data also forms part of our social responsibility (see next chapter).
Protection of customer data and data security
RBI considers the comprehensive protection of all data provided to or made available to the group, concerning
customers as well as employees, to be an integral part of its business activities to which it attaches an extremely
high level of importance. The recording, storage, processing and transmission of personal data of natural persons
is subject not only to the mandatory statutory requirements, but also to internal principles and processes at RBI
whose compliance is managed by the Group Data Privacy Office, the Data Protection Officer and Group
Information and Cyber Security and reviewed by Internal Audit. In addition, all data protection measures
implemented and employed throughout RBI are aligned to the most current technical security standards.
The key aspects of the RBI security strategy are:
• Regular adaptation of the security strategy to reflect industry standards: The processes and technical measures
in the area of information security are based on standards such as ISO 27001.
• Permanent observation of the threat situation
• Security tests and emergency exercises: Internal and external security reviews, such as penetration tests, are
performed regularly.
• Ensuring system availability
• Employee awareness: All RBI employees are obliged to complete regular security training.
A description of the technical security measures can be found on RBI’s website: www.rbinternational.com >
About Us > Security > Technical and Organizational Measures
In implementing the EU General Data Protection Regulation 2016/679 (GDPR) in time for its effective date of
May 25, 2018, RBI established a range of additional technical and organizational measures that extended and
reinforced the existing data protection principles and processes. In detail, a GDPR implementation project was
planned and successfully realized; this primarily involved examining and analyzing the processes, organization,
systems and contracts at RBI with regard to GDPR aspects. Based on this process, the necessary adjustments to
meet GDPR requirements were defined and implemented for each of these areas. The existing organizational
framework was extended to include a specific organizational and process structure for data protection.
As part of this project, RBI also supported its domestic and foreign group companies, including the banks in the
RBI CEE network, and advised them on GDPR implementation. All RBI companies are subject to strict data
protection principles, although the applicable national laws sometimes impose different requirements, particularly
for the network banks in non-EU countries. Additional information on the processing of personal data by RBI can be
found in the RBI data protection declaration: https://www.rbinternational.com/dataprotection
Instances of complaints relating to violations of customer privacy and data protection violations are monitored at
RBI and all domestic and foreign subsidiaries; the reasons for the respective complaint or data protection violation
are investigated and the necessary measures are taken.