Your data matters

Data protection is more than a compliance issue.

We know you care about your privacy and respect that. Our business is to protect our clients for all events. This also applies to the personal information we share. We exchange a vast amount of personal data with our customers on a daily basis. It can be any information connected to a person, directly or indirectly.

There is no difference whether the data is private, work-related or online identifiers - if they can be linked back to a person.

On 25 May 2018, the General Data Protection Regulation will be enforced across Europe. The law provides citizens more control over their data and creates a uniformity of rules to enforce across the continent.

All kind of information that directly or indirectly can be linked to a physical person that is alive:

  • pictures
  • telephone recording
  • name
  • address
  • e-mail address
  • camera surveillance
  • policy holder number
  • registration number on cars.

The General Data Protection Regulations (GDPR) is a new set of rules governing the privacy and security of personal data laid down by the European Commission. The Regulation requires that personal data has to be kept secure.

Rules to ensure control

The rules are very complex and we build them into our whole organisational culture to manage data safely and more effectively, internally and externally.

They are designed to ensure citizens control over how their data is processed and used. The basic rules can be described as:

  • Know what you have, and why you have it
  • Manage data in a structured way
  • Know who is responsible for it
  • Encrypt what you wouldn't want to be disclosed
  • Design a security awareness culture
  • Be prepared!

Compliance actions

We have worked within national regulations for some time and welcome this common EU regulation as an opportunity to improve the way we handle personal information.

In November 2015, If launched a Data Privacy Project to ensure that our systems are compliant with GDPR requirements. The initial phase of the project mapped the existing Nordic and Baltic IT systems and development projects to identify systems handling personal data. The findings have resulted in a number of comprehensive measures with regard to the deletion and/or anonymisation of personal data and sensitive personal data.

Concurrently we established retention periods for different information categories, e.g., customer information, claim information, insurance policies, prospects, and employee information. These retention periods are currently in the process of implementation.

In addition, the project focus is on the necessary activities to create and implement Data Privacy throughout If's organisation. The purpose is to:

  • Increase the level of awareness throughout the entire organisation through a mandatory training program for both employees and consultants
  • Map and review all business processes to ensure that our current manual processes handle personal data in a secure manner and revise and implement measures where needed
  • Improve our guidelines and instructions for processing/storing personal data other than in IT systems, e.g., emails and sharing of files

Our continuous efforts focus on whether that personal data within will remain secure and through implementation date, we will report data breaches to our supervisory authority and any affected individuals will also be notified directly.

We want you to trust us with your information. In the future – just as in the past. Any concerns or questions – do not hesitate to contact us.

Written by

Linda Häss