The General Data Protection Regulation (GDPR) is a new set of rules governing the privacy and security of personal data laid down by the European Commission. The Regulation requires that personal data be kept secure.
Rules to ensure control
The rules are very complex, and we build them into our whole organisational culture to manage data safely and more effectively, internally and externally.
They are designed to ensure that citizens have control over how their data is processed and used. The basic rules can be described as:
- Know what you have, and why you have it
- Manage data in a structured way
- Know who is responsible for it
- Encrypt what you wouldn't want to be disclosed
- Design a security awareness culture
- Be prepared!
We have worked within national regulations for some time and welcome this common EU regulation as an opportunity to improve the way we handle personal information.
In November 2015, If launched a Data Privacy Project to ensure that our systems are compliant with GDPR requirements. The initial phase of the project mapped the existing Nordic and Baltic IT systems and development projects to identify systems handling personal data. The findings have resulted in a number of comprehensive measures with regard to the deletion and/or anonymisation of personal data and sensitive personal data.
Concurrently, we established retention periods for different information categories, e.g., customer information, claim information, insurance policies, prospects, and employee information. These retention periods are currently being implemented.
In addition, the project focuses on the activities necessary to create and implement Data Privacy throughout If's organisation. The purpose is to:
- Increase the level of awareness throughout the entire organisation through a mandatory training program for both employees and consultants
- Map and review all business processes to ensure that our current manual processes handle personal data in a secure manner, and revise and implement measures where needed
- Improve our guidelines and instructions for processing/storing personal data other than in IT systems, e.g., emails and sharing of files
Our continuous efforts focus on whether personal data within will remain secure. Through implementation date, we will report data breaches to our supervisory authority, and any affected individuals will also be notified directly.
We want you to trust us with your information. In the future – just as in the past. Any concerns or questions – do not hesitate to contact us.