AthGene: Secure storage of sensitive personal data

AthGene gives customers access to genetic information that helps them optimise their diet, exercise, sleep, weight loss, etc. Through genetic testing, the customer learns about their unique sensitivity to salt, fat and carbohydrates, which allows them to tailor nutrition plans to suit their body’s specific requirements. Genetic tests are done with a saliva sample, which the customer submits for analysis. The result forms the basis for the subsequent advice and action plan.

AthGene helps athletes optimise their training based on genetic testing and guidance. Secure storage of sensitive personal data is therefore critical to their business. Consequently, they have trained a data security officer responsible for ensuring that the company complies with the procedures and rules in the EU General Data Protection Regulation, which became effective in 2018.

AthGene has trained a data security officer to ensure that the company complies with procedures and rules in the EU General Data Protection Regulation.

Business based on trust

“We help people gain a basic understanding of their DNA in relation to being able to adapt and optimise their training, minimise the risk of injuries, etc. Therefore, our customers must not be in any doubt that we process and store their sensitive personal data in a secure manner. Trust and credibility are crucial to our business,” explains Sebastian A. Thomsen, founder, CTO and newly trained Data Protection Officer (DPO) at AthGene.

In the spring of 2016 he completed Delacour’s and Dubex’s DPO training so that the company was ready to handle the EU General Data Protection Regulation:

“We want to be at the forefront of the GDPR, and as such we needed knowledge about how we should relate in order to secure our business basis in the best possible way. We’ve been notified of many things and as a layperson, it’s difficult to see what the legislation means for us and how we need to adapt our systems and processes in order to ensure accountability.”

Will be able to vouch for data security

When the GDPR enters into force in 2018, all public institutions will be required to employ a DPO, but several institutions can share one. All private organisations must have a DPO (can be external) if they run a business where the core activity consists of personal data processing or systematic monitoring of a large number of private individuals. But regardless of whether the company has to have a DPO or not, everyone must be able to document that they have control over the security of personal data.

“We have DNA data on people, so we will be able to vouch for our data security. That means we must be able to guarantee that data we’ve deleted at the request of a customer cannot be traced. It presents some technological challenges in relation to the design of our systems, which we have to know and take into account now, because it takes time to develop,” explains Sebastian Thomsen and continues:

“DPO training has given me all-round knowledge of the Danish Data Protection Act and an understanding of how I should interpret the legal part of the legislation and what I should take into account in daily operations.”

Benefit from the professional network

DPO training participants have very different backgrounds, but they all have one common goal, and that’s being able to handle the new legislation for the benefit of the company.

“Some participants had a technical background like myself, while others were concerned with the law. I think we’ll use each other a lot moving forward for discussion and dialogue, because we can all contribute with different experiences and specialist knowledge within our field. That’s invaluable,” says Sebastian Thomsen and concludes:

“I feel ready to take on the task. The teachers on the programme were highly professional and were able to give us a lot of specific cases to start from. We had a structured course over the four days, where we worked with the things we learned and had the opportunity to digest the many pieces of information.”

About the DPO training course

Delacour’s and Dubex’s DPO training course is aimed at individuals who are employed or designated as DPOs or data protection officers. The course runs over 2×2 days and is based on theory and cases.

Delacour’s specialists ensure participants get to know the basic legal principles and data protection rules, while Dubex’s security specialists share many years of experience in advising and implementing data protection solutions. Insight is gained into existing tools as well as practical experience from Danish and international companies that work with compliance-driven personal data protection.

About Dubex

Dubex is a market-leading cyber security partner, supporting 500+ locations worldwide.

Since 1997 we have helped companies and public institutions manage risk, adapt to changes and grow more flexibly. With deep industry and technical expertise, a comprehensive product portfolio and a proven track record, Dubex is the ideal partner for IT teams who want to contribute to their company’s success.

Dubex is today a full-service IT security company, helping with security products, governance, processes, implementation, analysis, operational support, full operation of our customers’ solutions and more. We also offer a wide range of security services, including penetration testing, monitoring and security incident management.
