The Privacy Sub-Department of the Safety and Protection Head Office Department ensures that personal data are collected and processed in accordance with laws and the principles in the Code of Ethics. All Group personnel receive training and updates on this issue, through mandatory initiatives online, and in classroom sessions and activities focused on specific areas.
During the year, the Data Protection Authority issued seven claims procedures against Group companies, with necessary follow-up provided; no cases of Group customer data being lost or stolen were registered (see also the section “Claims Management”).
In May 2016, the Regulation (EU) 2016/679 came into force (effective from 25 May 2018), which requires the Group to align with new requirements on privacy, including: the “right to be forgotten”, privacy “by design” and “by default” and the pseudonymisation and portability of data. Project activities on this aspect have been started with other specific company functions.