Data security, privacy, and cybersecurity

Input and correlations relevant to issue

Issue definition

Data exchange has become a permanent social and economic phenomenon. Data exchange and storage, and privacy-sensitive information, require maximum safeguards at all times.

Stakeholder expectation

Stakeholders expect us to use their data and personal details safely and carefully. Data exchange has become a permanent social and economic phenomenon. Data exchange and storage of privacy-sensitive information require maximum protection at all times.

Our long-term objective

Alliander respects the privacy of employees and customers. This means that we exercise due care in using their personal data and treat them confidentially. We meet the requirements set out in the General Data Protection Regulation (GDPR). Customers and employees can trust Alliander to protect their personal data.

Contribution from Alliander

We are obliged to meet statutory requirements for all personal data that we process (or intend to process). Pursuant to the GDPR, we have appointed a Data Protection Officer for Alliander customer data, who is responsible for monitoring GDPR compliance within the organisation. In addition, we set up a data processing register in 2019 to document all our personal data processing activities. Finally, we use Data Protection Impact Assessments (DPIA) to perform prior risk assessments whenever necessary due to the quantity or sensitivity of the data being processed. Customers can go to to exercise their associated rights, such as the right of access, right to erasure, and right to restriction of processing.
In addition to working from home, other factors such as the increased use of employee data, more extensive deployment of contractors and intensification in the distribution of energy data led to a stronger focus on cybersecurity in 2020. In order to gain an even better understanding of the security risks at Alliander, we have reassessed the position of Chief Information Security Officer (CISO). We have also had our security processes certified by an independent external party in accordance with ISO 27001 and the Security Verified standard. 

Relationship with Alliander impact model: social capital, manufactured capital

The safety and privacy risks inherent in the management of personal data by Alliander and the energy suppliers have a potentially negative impact on our social capital. The assets/systems for the mitigation of cybercrime and hacking risks make a positive contribution to our manufactured capital.      

Link with strategy



Financial risks, reputational risk, privacy of energy data

Stakeholder information