Nearly all of the information processed by a pension insurance company constitutes personal data and other confidential information. The basic premise for our operations is that we process this information in a way that keeps it secure and confidential. We comply with the legislation concerning personal data, business secrecy and insurance secrecy, and we do not, without consent, divulge information to anyone other than the parties and companies themselves and those entitled to receive such information by law.
Data protection at Veritas
In its capacity as a pension insurance company, Veritas acts as a data controller as referred to in the GDPR and is subject to the obligations stipulated both at the EU level and in national legislation. Veritas has appointed a Data Protection Officer who monitors compliance with data protection legislation and supports the organisation in questions related to data protection.
The GDPR requires us to inform the data subject of the type of personal data we collect and of the manner in which we process such information. We publish privacy policies concerning the processing of personal data on our website. The policies and further information concerning personal data processing are available on our website under Data protection.
Data protection safeguards not only personal data, but also business functions of the company, as well as the business secrets of the company, its customers and contractual partners. The objectives, responsibilities and methods for data security work have been defined in Veritas’ Privacy Policy.
Our data protection and data security policies are updated and adopted annually by Veritas’ Executive Group.
The Executive Group receives regular reports on the status and development of data protection, data security and personal data processing. Any significant changes, new threats or realised risks are reported immediately.
Reporting channel for data security breaches
Veritas has an internal channel for reporting personal data security breaches. Personal data security breaches and the ensuing risk level for the data subject concerned are evaluated under the supervision of Veritas’ Data Protection Officer.
Data security and data protection in 2022
Training in data protection matters concerns all of Veritas’ employees. Veritas’ personnel complete an online training programme relating to data protection every other year. The year 2022 was a training year. The Data Protection Officer monitors that all employees complete the training.
In the majority of cases in 2022, the breach was not deemed to have caused any risk to the rights and freedoms of the data subject; rather, the situation involved only a low level of risk. In cases involving a risk or a high risk, Veritas has complied with the procedure stipulated under the GDPR.
In 2022, the Data Protection Ombudsman’s office contacted us concerning prior data security breaches. The contacts concerned supplementary information on previously made notifications.
All requests for the review of a data subject’s own personal data under the GDPR made in 2022 were responded to within four weeks of the request. Supplementary data requests were also responded to within the time limits imposed by the regulation.