Financial and Insurance
Concerned about data protection?
The GDPR brings additional complexity to the already heavily regulated financial and insurance sectors. Many requirements of the GDPR complement existing legislation, but particular attention must be paid to the protection of personal data.
Financial institutions and insurance companies often process large amounts of personal data, much of it sensitive in nature. Particular care must be taken to ensure that this data is used only for its intended purpose, that it is shared only in a controlled manner, and that it is stored and deleted correctly and in a timely manner.
The use of data for profiling and automated decision-making is also subject to strict rules under the GDPR.
This page explains what data protection legislation means for financial institutions and insurance companies and what aspects they must take into account when managing personal data.
What does the legislation mean for the financial sector and the insurance industry?
Like all other organisations, financial institutions and insurance companies must:
- Be transparent in the way they process personal data and take responsibility for it
- Be able to discover, manage, repair, prevent and report data leaks. If necessary, the Dutch Data Protection Authority (AP) must be notified.
- Have insight into the data they hold, where it is stored and who has access to it
- Implement effective processes and procedures to protect personal data
- Allow customers, employees and other individuals to:
  - Have access to the data that is stored about them
  - Check that the data is correct and have it changed if necessary
  - Have it removed (unless a legal obligation prevents this)
- Appoint a data protection officer if they:
  - Are a government agency
  - Process data at scale
  - Use the data for profiling or automated decision-making
Key data protection considerations for financial and insurance organisations
Organisations in the financial sector and the insurance industry must protect personal data across a wide range of activities. Some important aspects are:
Additional regulations
- Legislation, such as the Financial Supervision Act (Wft) and the Money Laundering and Terrorism Financing (Prevention) Act (Wwft)
- Regulations from national and European institutions, such as the EBA (European Banking Association) and DNB (De Nederlandsche Bank)
- Regulations of the Netherlands Authority for the Financial Markets (AFM)
- Detecting and combating fraud
Processing of sensitive data and special category data
- Banking legislation
- Anti-money laundering regulations
Managing sensitive and special category data
- Data Protection Impact Assessments
- Personal data, financial data, medical data, data on criminal convictions, in particular for insurance purposes
Multiple and legacy systems
- Duplicated data in different systems and data minimisation
- Retention and deletion of data
- Systems for handling the exercise of data subject rights
Administration
- Email systems
- Payroll administration, pension administration and personnel files
- Visitor lists, access control and camera surveillance
Data protection
- Maintain network and server security
- Data encryption
- Cybersecurity
Rules and agreements
- Privacy, retention, cookie and data protection policies
- Staff guides
Sharing data with others
- Transfers to third parties
- Data exchange outside the EU
- Agreements on data processing and data exchange
Processing large amounts of data
- Appointment of a data protection officer
- Profiling and automated decision-making