Confidentiality and data privacy refer to the fundamental principles of protecting personal data from unauthorized access, disclosure, or use. The General Data Protection Regulation (GDPR), a regulation in EU law on data protection and privacy in the EU and the European Economic Area (EEA), sets strict rules and requirements for organizations handling individuals' personal data, ensuring that their privacy rights are respected and that data is kept confidential and secure.
At Munich Re Service GmbH, our commitment to retaining confidentiality and data privacy covers the following aspects:
- Data protection principles: We adhere to fundamental principles, such as lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.
- Lawful basis for processing: We process personal data only if there is a valid lawful basis, such as consent, contractual necessity, legal obligation, vital interests, public task, or legitimate interests.
- Individual rights: According to GDPR, we grant individuals various rights, including the right to access their data, rectify inaccuracies, erase data, restrict processing, data portability, and object to processing.
- Consent: We obtain explicit and informed consent from individuals before processing their personal data and provide a clear mechanism for individuals to withdraw their consent.
- Security measures: We have implemented appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.
- Data breach notification: In the event of a data breach that poses a risk to individuals' rights and freedoms, we report the security incident to the supervisory authority and affected individuals within a defined timeframe.
- Data protection impact assessment (DPIA): We conduct a DPIA for high-risk processing activities that may impact individuals' privacy rights.
- Data transfers: When transferring personal data to countries outside the European Economic Area (EEA), we comply with specific safeguards and mechanisms to ensure an adequate level of protection.
- Data processing and confidentiality agreements: When using third-party data processors, we put written agreements in place, as GDPR requires, to ensure compliance with its requirements. In confidentiality agreements, we outline the obligation of both parties to maintain the confidentiality of shared information.
- Non-disclosure agreements (NDAs): In NDAs, we outline the terms and conditions regarding the confidentiality, use, and disclosure of sensitive information. These agreements also specify the consequences of breaching the agreement, such as legal action.
- Data Protection Officer (DPO): The DPO ensures that our company complies with relevant data protection laws and regulations and that all required privacy policies and procedures are in place, and oversees overall data protection and privacy matters.
By focusing on these aspects, we establish a robust framework for confidentiality and data privacy, safeguarding individuals' personal data and complying with the GDPR.