Nearly all of the information processed by a pension insurance company constitutes personal data and other confidential information. The basic premise for our operations is that we process this information so that the information is kept secure and confidential. We comply with the legislation concerning personal data, business secrecy and insurance secrecy. We do not, without consent, disclose information to anyone other than the persons and companies themselves and those entitled to receive such information by law.
Data protection at Veritas
In its capacity as a pension insurance company, Veritas is acting as a data controller referred to in the GDPR and Veritas is subject to the relevant obligations stipulated both at the EU level and the national legislation. Veritas has an appointed Data Protection Officer who monitors compliance with data protection legislation and supports the organisation in questions related to data protection.
The GDPR requires us to inform the data subjects of the type of personal data we collect and of the manner in which we process such information. We publish privacy policies concerning the processing of personal data on our website. The privacy policies and other information about the processing of personal data is available at veritas.fi/data-protection.
Data protection safeguards not only personal data, but also the company’s business functions, as well as the business secrets of the company, its customers and contractual partners. The objectives, responsibilities and methods for data security work are defined in Veritas’ Privacy Policy.
Our data protection and data security policies are updated and approved annually by Veritas’ Executive Group.
The Executive Group receives regular reports on the status and development of data protection, data security and personal data processing. Any significant changes, new threats or realised risks will be reported immediately.
Reporting channel for data security breaches
Veritas has an internal channel for reporting personal data security breaches. Personal data security breaches and the ensuing risk level for the data subject concerned are evaluated under the supervision of Veritas’ Data Protection Officer.
Data security and data protection in 2023
Veritas’ personnel complete an online training programme relating to data protection every other year. The next round of training will be realised in 2024. The Data Protection Officer monitors to ensure that all employees complete the said training. In addition, the company has training in data protection and security, which helps, among other things, to more effectively identify messages related to phishing. In addition, personnel are kept up-to-date by means of information provides through Veritas’ intranet.
In the majority of the data breaches that occurred in 2023, the breach was not considered to pose a risk to the rights and freedoms of the data subject, but was a low-risk situation. In cases concerning a potential or high risk, Veritas followed the GDPR procedure.
During 2023, the Office of the Data Protection Ombudsman has been in contact with Veritas with regard to earlier data breaches. The contacts concerned the need for additional information for earlier notifications.
All requests made in 2023 for the review of a data subject’s own personal data under the GDPR were responded to within four weeks of the request. Supplementary data requests were also responded to within the time limits imposed by the regulation.