Digitalization and Data Security
Digitalization of Internal Processes and in Customer Services
Digitalization offers a lot of opportunities to develop processes further. It is an important topic at Vonovia: Ideas for improvements become digital solutions that make customer services quick and easy for our tenants and optimize our processes. For instance, we have already introduced digital tenant and HR files as well as a digital installation portal. We were recognized as a top digital company by the Süddeutsche Zeitung Institute and Statista for our dedication to digitalization in the reporting year.
Digital applications also help us to manage our portfolio. Internet of things (IoT) technology enables data-based decision making and an effective analysis of the technical status of building infrastructure independent of location. Almost all of the elevator systems in our buildings, for example, send reports to the technology center in real time. The information is then pooled and analyzed there. The central heating systems are also monitored remotely. With the data collected, we notice disruptions sooner and can remedy them quicker. The heating systems can also be managed more efficiently and buildings’ carbon emissions lowered. We are currently developing an additional app for remote heating monitoring that is due to be made available in the course of 2023.
We also make the most of the opportunities presented by digitalization when it comes to communicating with our tenants: Our Customer Service department successfully uses systems to automatically categorize customer inquiries and then forward them to the right administrator. This enables us to respond more quickly and more precisely to inquiries. And our customer app “My Vonovia” is continually being developed further. With the app, our tenants can log repair work independently and have access to all documents relevant to their tenancy at Vonovia. This makes our administration processes leaner, which in turn contributes to our sustainability goal due to our decreased use of financial, personnel, time and natural resources.
One particular focal point of our digital work in the reporting year was on harmonizing the IT systems and structures of Vonovia and Deutsche Wohnen. Duplications were eliminated and IT landscapes were consolidated. A uniform company platform and process landscape is currently in place.
We have made a push to integrate collaborative and digital tools and programs in our everyday work across all areas and opportunities for mobile work. This has enabled us to cut back on business travel, which contributes to our climate protection targets. A works agreement was adopted back in 2019 regarding mobile working, which forms the foundation for further steps and improvements.
It is our aim to advance digitalization further in our company in order to improve the efficiency and standardization of our processes. With all the new opportunities that come from this, the risks also grow – such as potential data protection breaches. We keep a close eye on these and put appropriate measures in place whenever necessary.
Data Security and Data Protection
The long-term protection of personal data is particularly important to Vonovia We therefore adhere strictly to the applicable provisions of data protection law and take the measures necessary to fully protect data. These include a uniform Group-wide rulebook on data protection and privacy, information security and the internal control system, and a cyber security system to protect company-related data.
Our employees receive regular mandatory data protection training, initially upon joining the company and then every year afterwards. Since 2021, employees have also been able to complete the training independently online from any location. Data protection coordinators track the compulsory training attendance on behalf of the employees in their department to ensure that they complete it. At the beginning of 2023, the Deutsche Wohnen subgroup also introduced this training for employees.
We follow the current recommendations of the Federal Office for Information Security (BSI) and perform weak-spot scans at regular intervals. 99% of our IT systems are ISO 27001-certified through the service provider. We also perform regular data protection audits for providers that process personal data on our behalf. Topics covered by the audit include the procedures and measures implemented to guarantee system resilience and IT disaster recovery plans.
Our package of measures taken in the area of data protection has led us to classify the risks related to inadequate IT security or violations of the General Data Protection Regulation as extremely low within our risk management. Mobile working also does not involve any significant data protection-related risks. Reports regarding misconduct or breaches of data security or data protection can be made at any time via Vonovia’s diverse complaint mechanisms. Comprehensive information regarding data protection at Vonovia is publicly available on our website.
Vonovia has defined clear responsibilities and contacts for data security and data protection in all relevant Group areas. The Chief Information Officer (CIO) is the most senior party responsible for information technology and also responsible for managing the planning, operation and selection of technology. The IT department has been assigned to the Chief Transformation Officer's (CTO) Management Board function since January 2022. The Compliance and Data Protection department monitors the implementation of the measures in the individual departments and provides advice for any issues relating to data protection. The head of each department is responsible for the security of information and data that is predominantly created, collected, used or processed in their department (data officer). In addition to the data protection officer, there are also data protection coordinators in all departments in Germany and Austria.
The Management Board is provided with information about developments in the area of data protection and information security once a year with the data protection report. In Austria, a status report is provided to the management of BUWOG once a year. The Audit Committee deals with all issues concerning data security on behalf of the Supervisory Board and also receives our data protection report once a year.