Find your Coloplast country website

Data Privacy and Information Security

The trust of the outside world is very important to us. To maintain and improve the trust we work hard to protect the personal and confidential information we receive. This is combined with our ongoing efforts to be transparent about our use of such information, and to ensure compliance with applicable data privacy laws and regulations.

Our efforts in these areas are supported by the dedicated departments we have established within Information Security and Data Privacy. 


Data Privacy

We handle personal information pursuant to our global data privacy policy that forms our global baseline for privacy compliance. In addition, we have established global corporate procedures for handling data subject requests and data breaches, we track incidents closely to mitigate adverse trends and risks quickly.

We have appointed a Data Protection Officer to head up our efforts within the field of data privacy. The Data Protection Officer is fully dedicated to focus on data privacy, and is supported by local privacy representatives from our subsidiaries. The Data Protection Officer reports to Coloplast management on a regular basis, and is engaging with representatives of important group functions in a Data Privacy Board. 

Information Security

Information security is an absolute prerequisite for Coloplast in order to deliver on our mission as well as execute on our ambition of being the best performing Medical Device Company.

It is therefore essential that our information assets are protected from external and internal threats; unauthorized disclosure as well as breach of confidentiality, integrity or loss.

Global and standardized IT solutions, guidelines and processes are aimed at ensuring business continuity, business supporting processes and efficient sharing, protection and preservation of information.

We verify our information security management system through ISO/IEC 27001 certification and we drive continuous compliance to standards and policies through regular audits.

At the same time, we balance convenience and efficiency for authorized users against external and internal threats though information security risk management.

Binding Corporate Rules

Protecting the security and privacy of personal data is important to the Coloplast Group and the Coloplast Group conducts its business in compliance with the applicable laws on data protection and data security.


The Binding Corporate Rules (“BCR”) contain the provisions for the Coloplast Group for the protection of personal data which are binding for all participating corporate entities within the Coloplast Group towards data subjects. The BCR cover all personal data transferred between the Coloplast Entities. This includes personal data concerning employees, customers, subcontractors and other third parties processed internally by the Coloplast Entities as part of their regular business activities.

Joint Data Controllership

The concepts of controller, joint controller and processor play a crucial role in the application of the General Data Protection Regulation 2016/679 (GDPR), since they determine who shall be responsible for compliance with different data protection rules, and how data subjects can exercise their rights in practice. The concepts of controller, joint controller and processor are functional concepts in that they aim to allocate responsibilities according to the actual roles of the parties and autonomous concepts in the sense that they should be interpreted mainly according to EU data protection law.


Coloplast A/S has made joint controllership arrangements with all its Coloplast Group Entities for the obtaining of consents, whether online or offline, for the purposes of processing information about data subjects, including health data, in various respects to support the Coloplast business model.

View desktop version