The General Data Protection Regulation (GDPR) is a new European regulation that will enter into force on 25 May 2018. It replaces the Belgian law on the protection of privacy.
What does GDPR mean in concrete terms?
The new European GDPR regulation aims at better protection of citizens' privacy and a uniform application of the rules throughout the European Union. On the one hand, citizens will better understand how their personal data is used. On the other hand, the GDPR defines a clear legal structure, a standard applicable throughout Europe, so that companies know how to treat this data with respect for privacy.
Nothing will change: we will continue to process your personal data. You simply have more control over how your data is used: you can view, modify, transfer or delete it at any time. You may also restrict or object to the processing.
Obligation to provide more detailed information. Clear and precise information must be provided to the customer and appear on various media such as the website, postal mailings, documents, contracts, etc. The documents drawn up must also be regularly updated in order to guarantee the protection of customer data.
Express consent of the client to the processing of his health data. Obtaining explicit consent is a "conditio sine qua non" for the processing of personal data. The authorisation must be given by a clear and active act, such as a written declaration, including by electronic means, demonstrating that the client freely, specifically, knowingly and unambiguously consents to the processing of his health data.
Co-responsibility of the controller and the processor. Contracts with subcontractors should be revised to oblige them to ensure the security and confidentiality of customers' personal data and to process such data only on behalf of the controller.
Data breaches must be reported to the supervisory authority.
The GDPR also requires the appointment of a Data Protection Officer (DPO). The DPO is responsible for ensuring compliance with regulations, as well as providing information and advice. He will be the point of contact for you and your customers. You can contact him by e-mail (email@example.com) and/or by post (NN Insurance Belgium, for the attention of the DPO, avenue Fonsny 38, 1060 Brussels).
Sending to customers
Since 24 April, we have been sending a letter in several waves to customers about the consequences of the merger between NN and Delta Lloyd Life. The letter will be sent over a 5-week period. We are also informing them about this new privacy law. Some customers will also be required to provide a copy of their ID card if we do not already have one. Click here for a sample letter.
Discover our FAQ here.