Nearly all of the information processed by a pension insurance company constitutes personal data and other confidential information. The basic premise for our operations is that we process this information so that the information is kept secure and confidential. We comply with the legislation concerning personal data, business secrecy and insurance secrecy. We do not, without consent, disclose information to anyone other than the persons and companies themselves and those entitled to receive such information by law.
Data protection at Veritas
In its capacity as a pension insurance company, Veritas is acting as a data controller referred to in the GDPR and Veritas is subject to the relevant obligations stipulated both at the EU level and the national legislation. Veritas has an appointed Data Protection Officer who monitors compliance with data protection legislation and supports the organisation in questions related to data protection.
The GDPR requires us to inform the data subjects of the type of personal data we collect and of the manner in which we process such information. We publish privacy policies concerning the processing of personal data on our website. The privacy policies and other information about the processing of personal data is available at veritas.fi/data-protection.
Data protection safeguards not only personal data, but also the company’s business functions, as well as the business secrets of the company, its customers and contractual partners. The objectives, responsibilities and methods for data security work are defined in Veritas’ Privacy Policy.
Our data protection and data security policies are updated and approved annually by Veritas’ Executive Group.
The Executive Group receives regular reports on the status and development of data protection, data security and personal data processing. Any significant changes, new threats or realised risks will be reported immediately.
Veritas’ Data Protection Officer is a member of the financial sector’s Data Protection Working Group, which develops data protection within the sector and supervises its interests.
Reporting channel for data security breaches
Veritas has an internal channel for reporting personal data security breaches. Personal data security breaches and the ensuing risk level for the data subject concerned are evaluated under the supervision of Veritas’ Data Protection Officer.
Data security and data protection in 2024
Veritas’ personnel complete an online training programme relating to data protection every other year. In 2024, the entire staff completed data protection training. It is the task of the Data Protection Officer to ensure that all employees complete this training.
Training related to data security was organised for the entire personnel in autumn 2024. The next training course will take place in 2026.
In addition, the company has training in data protection and security, which helps, among other things, to more effectively identify messages related to phishing. In addition, personnel are kept up-to-date by means of information published on Veritas’ intranet.
The data security breaches dealt with in 2024 mainly concerned low-risk situations that did not pose a risk to the rights and freedoms of the data subject. In cases concerning a potential or high risk, Veritas followed the GDPR procedure.
All requests made in 2024 for the review of a data subject’s own personal data under the GDPR were responded to within four weeks of the request. Supplementary data requests were also responded to within the time limits imposed by the regulation.