1. Home
  2. Sustainability
  3. Governance
  4. Privacy

Privacy

Basic Approach and Policy

For Olympus as a MedTech company, privacy is fundamental, underpinning our commitment to responsible data stewardship and compliance with stringent global regulatory requirements. Strong privacy governance reinforces investor confidence by demonstrating privacy risk management and long-term resilience in a data-driven healthcare ecosystem. For customers and patients, our dedication to protecting sensitive information fosters trust, strengthens our relationships, and supports the safe and ethical use of our technologies.

Privacy Policy

We have defined and implemented a global Privacy Policy as our foundational governance document. This Privacy Policy sets the standard for privacy across the entire organization, regardless of the location, region, or function. Where necessary, localized versions of the policy with appropriate adjustments are permitted.

Implementation Approach

Olympus employs a federated approach between the central definition of privacy governance, risk management, and compliance frameworks and the localized implementation of privacy into our processes, applications and products, spanning global, regional and local organizations.

Implementation Approach

Privacy Program Structure

Privacy Governance

The Olympus Privacy program is integrated within our overall governance structure and is part of the Aligned Assurance approach and the structure of the respective frameworks of management systems. On top of this, the build and management of the privacy program and its capabilities are closely aligned with Olympus’ strategic and tactical business priorities.

Privacy Governance

Privacy Operating Model

Olympus Privacy establishes working processes in line with Olympus' transition towards a global operating model. While still structured in a regional fashion, a global working environment is established to provide global standards and global tools. Regional Privacy teams are involved in global projects or initiatives to further embrace and underpin the commitment to a global operating model.

Privacy Operating Model

Privacy Capabilities

The Olympus privacy program builds privacy capabilities across the company with the objective of steadily increasing the maturity of the organization following a risk and opportunity-based approach. These privacy capabilities ultimately enable value-driving business capabilities and therefore connect privacy risk management and compliance with business outcomes.

Privacy capabilities

Targets and Progress

Maturity

Maturity

The primary privacy program KPI is “maturity”. Maturity refers to the degree to which the system is formally established, consistently applied, continuously measured, and proactively improved over time.

At the highest maturity level, a management system operates with clear governance, standardized processes, defined roles, and evidence-based monitoring that ensures reliability and repeatability. Such status indicates that the organization not only meets baseline requirements, but also embeds the system into its culture, enabling strategic, data-driven decision-making and continuous improvement.

The target is to be at a “Managed” level of maturity across key capabilities of our privacy program. Getting there requires consecutive review cycles.

Management Process

The Chief Privacy Officer reports against these KPI and underlying metrics into the Global Risk Assurance and Compliance Committee (G-RACC). The G-RACC is co-chaired by the Chief Executive Officer and the Chief Compliance Officer. Instruction and guidance provided by G-RACC provides direction for further prioritization and focus area of the privacy program.

The target maturity of our privacy management system is managed across key capabilities.

Management Process

Chief Privacy Officer

In 2022, Olympus established a dedicated global sub-function to build and manage the privacy program for Olympus. It is led by the Global Chief Privacy Officer. Dr. Falk Boehm serves as Olympus Chief Privacy Officer.

Biography Note of Dr. Falk Boehm

Dr. Falk Boehm is a licensed attorney and holds a doctorate degree in public law. He has gained extensive experience in privacy and adjacent areas across different industries and companies of various sizes and structures. Before joining Olympus as Chief Privacy Officer in November 2022, Falk served as Global Privacy Officer at a leading global sporting goods company. In addition to his role as Cheif Privacy Officer, Falk co-leads AI Risk Governance at Olympus in collaboration with the Chief Information Security Officer (CISO).

Contact

The Privacy team and the Chief Privacy Officer can be reached at privacy@olympus.com.

Related information