Data Protection

The PHOENIX group takes the protection and security of its employees, business partners and customers’ data seriously. As such PHOENIX has established strong data protection policies  and procedures across all 26 European countries within which it operates. The PHOENIX group has implemented measures to meet the requirements of the European General Data Protection Regulation (in EU/EEA-countries), local laws and provisions.
The PHOENIX group has appointed data protection officers and local data protection coordinators in all 26 countries. They are responsible for monitoring the compliance with all relevant provisions concerning data protection.
PHOENIX has developed bespoke data protection training modules for its employees to raise both awareness of this important subject and also to ensure all employees are aware of their responsibilities.


The PHOENIX group has established a web based reporting system which is designed to enable employees, business partners, customers and third parties an easy system by which to report data incidents or concerns. These reports are taken seriously and are reviewed and actioned regularly and are used to improve the protection of personal data.  
If you have any questions or concerns about personal data, please contact the local data protection officer. Central point of contact is


When should I report an incident?
PHOENIX group has an obligation to notify the supervisory authority within 72 hours of becoming aware of an incident, due to this, all incidents must be reported without delay via the online reporting tool.
What data incidents should be reported and how?
All personal data incidents are to be reported to the Data Protection team via the online reporting tool.
What is a data protection incident?
Data Protection incidents are any event which has, or could have, resulted in the accidental or deliberate loss of personal data (electronic or paper) or destruction of data, or unauthorised access to data (e.g. loss or theft of laptop, smartphone, paper record, prescriptions).
What happens after I submit a report?
The Data Protection team will review the incident report and will contact you for further information or, where necessary, will assist you with the post incident actions.

Data protection policy