Data protection at Twoday

We operate with a robust system to ensure data protection and privacy compliance. The company has a Data Protection Officer (DPO), a Data Protection Council (Council), and Data Protection Managers (DPMs) in each of our business units.

Strategic decisions regarding data protection are made through the Council to guarantee transparency and accountability. Twoday has delegated the responsibility of complying with privacy legislation to the DPO, a formal and independent role as described by the General Data Protection Regulation (GDPR). The DPO oversees privacy-related tasks within Twoday.

All Twoday business units adhere to the outlined framework and organizational requirements. Each business unit has a DPM resource who collaborates with the country DPM. The country DPM is part of the council with the DPO, reporting on various aspects such as privacy training progress, internal control, incidents, and policy compliance. The Council then reports these findings to Twoday group management and owners.

Twoday ensures employee awareness through its privacy policy and internal guidelines. These documents clarify how twoday processes customer and internal personal data. To stay compliant with data protection laws and meet customer expectations, twoday conducts regular assessments of its products and services, examining data processing, protection measures, and sharing protocols. These assessments help mitigate data protection risks and prevent incidents.

We have an overview of the data we are working with, we have classified our data, and we have control over our subcontractors.

Twoday is monitored through a security and compliance regime. The company maintains a 24/7 monitoring system where employees can assess status from a data protection and security perspective.