Compliance with high data protection standards is a basic requirement for the A1 Group. It ensures the trust of customers in the group of companies. A1 Group strictly adheres to the current legal framework in the area of data protection and information security.

Personal data is processed in accordance with the General Data Protection Regulation of the European Union (GDPR) and national data protection laws, as well as with specific provisions of national telecommunications laws. In the event of a breach of the protection of personal data, a report is made to the data protection authority as required by law and the persons affected are informed of this event.

Data of customers, employees, shareholders, suppliers and sales partners of A1 Group will only be passed on to third parties if there is a legal basis for doing so. In the event of requests for the transfer of data by courts, public prosecutors, police or other authorities, these are checked for their legality. Only in the case of a legally compliant request will data be passed on in accordance with legal and regulatory requirements. If necessary, the data subjects are informed about this process in accordance with the legal requirements.

In addition to legal requirements, all subsidiaries of A1 Group are obliged to comply with the information security standards created for this purpose as well as other country-specific data protection guidelines. Almost all companies in A1 Group already comply with the ISO 27001 standard, and the management systems are regularly evaluated. For example, the ISO certifications are reviewed annually. Adaptations are also made during the year if necessary.

The network operators of A1 Group are part of the critical infrastructure in all countries. The Group is aware of the special responsibility that this entails. For this reason, the company is committed to initiatives that go beyond what is required by law in order to constantly improve security and availability. In November 2021, A1 Croatia opened a new data centre in Zagreb. It is the most modern in the region, meeting the requirements of Tier III (classification of data centres, divided into 4 Data Centre Tiers) and withstanding earthquakes up to magnitude 9 on the Richter scale. A1 Group is particularly committed to cyber security. Particular attention is also paid to promoting young talent in the field of cyber security. Every year, professional trainees are given the opportunity to experience the challenges of a critical infrastructure operation in practice.