Why is data privacy important?
The success of Bayer’s online activities is highly dependent on two factors: the users’ trust in the integrity of a provider and the transparency of services offered. Especially with respect to the area of data privacy, customers tend to feel uncertain. If it is not made transparent to them which data are stored or transferred and for what purpose, they will, in case of doubt, not use the respective services or will change the provider. A comprehensive implementation of data privacy requirements is a suitable means to promote the confidence of customers, which can be one of the key elements for the success or failure of an enterprise. Bayer wishes to interact with its customers in a fair and transparent way. By respecting our customers’ rights, we demonstrate that reliability, integrity and the needs of our customers are key values for our employees and our entire brand.
At the same time, internet-related data privacy issues are of a complex nature. Legislation is generally years behind actual developments. The discrepancy between the legal framework on the one hand and practical implementation and control on the other hand is greater than in almost any other legal area. Since internet based services are publicly accessible, a review by data protection authorities can be effected easily and with only a few clicks. It is the aim of the Data Privacy Guidelines in the Bayer Webguide - Digital Guide to make the persons responsible for the design and operation of internet based services (like websites, mobile apps or social media channels) at Bayer aware of existing data privacy risks and to indicate how these risks can be minimized in practice.
Principles of Data Privacy
Bayer’s internet based services should be developed and run in accordance with the core principles of data privacy:
Privacy by design
Getting data privacy right from the start avoids potentially expensive corrections and damaging legal action later. Privacy by design therefore places privacy at the heart of the development process.
Developers of internet based services are required to think of and implement technical and organizational privacy measures right from the start of the development of their service in order to ensure data privacy compliant operation and to guarantee data subject rights.
Privacy by default
Privacy by default places privacy at the heart of the business process. Right from the start, any application or service should use the most privacy friendly setting, so that - by default - only those personal data are processed which are necessary for the specific purpose of the processing.
Principle of transparency
Be open and honest with users about what kind of personal data is collected about them and inform them also about their rights in this regard by providing Privacy Statements.
Principle of data minimization
The principle of data minimization requires avoiding processing personal data where this is not absolutely necessary. For internet based services this means that personal data should only be processed if this is absolutely necessary for the application or service to function.
Principle of storage limitation
Personal data shall be stored in a form which allows identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
The following pages aim to assist developers at Bayer to adhere to the above core principles of data privacy: