BMW 2014 Annual Report Download - page 77
Download and view the complete annual report
Please find page 77 of the 2014 BMW annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30
-
31
-
32
-
33
-
34
-
35
-
36
-
37
-
38
-
39
-
40
-
41
-
42
-
43
-
44
-
45
-
46
-
47
-
48
-
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67 -
68 -
69 -
70 -
71 -
72 -
73 -
74 -
75 -
76 -
77 -
78 -
79 -
80 -
81 -
82 -
83 -
84 -
85 -
86 -
87 -
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
 |
 |
77 COMBINED MANAGEMENT REPORT
impact on the net assets position and earnings perfor-
mance of the BMW Group.
Further information on risks in conjunction with pen-
sion provisions is provided in note 36 to the Group
Financial Statements.
Information, data protection and IT risks
The importance of electronically processed data
con-
tinues to rise, with information technology (IT) playing
an increasingly crucial role in every aspect of the
business. These developments create opportunities on
the one hand, whilst also posing a source of risk on the
other.
The BMW Group could incur damage if the confiden-
tiality, integrity and / or availability of sensitive informa-
tion and data are not maintained. Great importance is
attached to the protection of business information and
of employee and customer data against unauthorised
access and / or misuse. Data security, based on Interna-
tional
Security Standard ISO / IEC 27001, is an integral
component of all business processes. Personal data is
protected in accordance with the stringent requirements
of the EU Data Protection Directive and the Federal
Data Protection Act (Bundesdatenschutzgesetz – BDSG).
All employees are required to treat confidential infor-
mation (such as customer and employee data) in an ap-
propriate manner, ensure that information systems are
properly used and that risks are handled with the ut-
most transparency. Uniform requirements, documented
in a coordinated and comprehensive set of principles,
guidelines and work instructions, are applicable group-
wide. Regular communication and sensitisation-rais-
ing activities create a high degree of security and risk
awareness among the employees involved. Employees
receive training to ensure compliance with applicable
requirements and in-house rules.
Risk management procedures include systematic docu-
mentation of all information / data protection and IT
risks, regular monitoring and the implementation of
appropriate measures by the departments responsible.
Technical data protection procedures include virus
scan-
ners, firewall systems, access controls at both operating
system and application level, regular data backups and
data encryption. Regular analyses and controls (in-
cluding
the testing of data protection requirements) and
rigorous security management ensure a high level of
security.
Responsibility for data protection in each Group entity
lies with the Board of Management (of BMW AG) or
the
relevant company management team. Local Data
Privacy Protection Officers are embedded in each of the
Group’s entities.
In the case of cooperation arrange-
ments and business partner relationships, the BMW
Group protects its intellectual property as well as cus-
tomer and employee data by stipulating clear
instruc-
tions with regard to data protection and the use of
information technology. Information pertaining to key
areas of expertise as well as sensitive personal data
are subject to particularly stringent security measures.
In a clear signal to employees, customers and Europe’s
data protection authorities that data protection is taken
very seriously, the Board of Management of BMW AG
resolved a set of Binding Corporate Rules (BCR) that
ensure the secure transfer of personal data throughout
the BMW Group’s global organisation. The BMW Group
has become the first car manufacturer worldwide to
successfully complete the relevant BCR recognition pro-
cedures.
The requirements placed on IT facilities – both externally
and internally – are changing at a breathtaking pace in
the face of technological developments. Potential risks
are therefore investigated continuously and appropriate
measures put in place to prevent or minimise their im-
pact. Despite regular testing and the whole gamut of
preventative security measures employed, it is neverthe-
less impossible to rule out risks completely in this area.
If information, data protection and IT risks were to ma-
terialise, they are only likely to result in a minor impact
on the results of operations over the two-year assess-
ment period. The levels of risk attached to information,
data protection and IT risks are classified as medium.
Information, data protection and IT opportunities
Conversely, the deployment of information technology
also opens up many opportunities. New approaches
to production and energy supply systems that are cur-
rently being investigated in the context of “Industrie
4.0” are generating significant efficiency improvements
and resulting in greater sustainability. The range of