We protect the customers’ personal data

It is our responsibility to protect the personal data of our customers. We are aware of the risk of data breach when handling all that data. Therefore, we have processes and systems in place to ensure the highest level of data security.

It is our responsibility to protect the personal data of our customers. We are aware of the risk of data breach when handling all that data. Therefore, we have processes and systems in place to ensure the highest level of data security.

Insurance entails large amounts of data

As an insurance and pensions company, we gather large amounts of information and personal data, including sensitive information such as health details on our customers. This is also the case for injured persons covered by our insurances.

We solely use the information to service and for claims handling. We do not sell data. The customers can always get insight into which information we have on them.




We are aware of the risks

Processing personal data implies various risks which can be negative for the customers’ right to privacy such as the risk of data breach. A data breach can happen e.g. if we send information to the wrong customer or by other means accidental leak of personal data.

We take this risk very seriously, and therefore, we have implemented a comprehensive management system for data protection in addition to a policy on how to handle personal data. Furthermore, we have strict requirements to our data security.




Data breaches

Topdanmark continuously evaluates the processes for our data processing, thus we have a high level of protection of personal data. Our Compliance department continuously controls that the processes are complied with, and that the employees know how data breaches are detected.

Data breaches are reported to our Data Protection Advisor as well as reported to the Danish Data Protection Agency in accordance with the rules on  reporting of data breaches.

It is Topdanmark’s objective to reduce the number of data breaches to as close to non as possible, and to avoid data breaches so severe that they should be reported to the Danish Data Protection Agency.




This is how we act in the event of a data breach

In the event of a serious data breach, we notify the aggrieved parties. When relevant, we offer the aggrieved parties our assistance in limiting the implications of any misuse of the information. Data breaches are evaluated continuously to update our processes and IT systems to ensure that it will not happen again.




How we secure the customers’ personal data

We comply with the legislation in force on processing of personal data, and we have implemented  the general data protection regulation (the GDPR). We ensure that the data is stored and processed in a manner that does not challenge the customers’ right to privacy.  

We have IT systems that ensure:

  • That the personal data is up-to-date
  • That the personal data is not distorted
  • That the personal data is deleted when no longer relevant
  • That the personal data is not accessed by unauthorised persons

We only disclose customer information related to management of insurances, primarily to collaboration partners and other insurance companies. Topdanmark does not sell customer information.

Topdanmark imposes legally binding technical and organisational safety requirements to all main outsourcing suppliers and their sub-suppliers. 

 




Policy and processes

Topdanmark’s Board of Directors has adopted a policy on the overall requirements on Topdanmark’s use of personal data. These requirements are integrated in all the processes we have for data processing to ensure that our employees know how to handle customer information.

We have processes for mapping and risk assessment of data processing. In addition, we carry out risk assessments on external data processors which are e.g. used in relation to claims handling. Our Compliance department continuously control that the data processors comply with Topdanmark’s security requirements.

Read more about how we process personal data in our Personal data protection policy




Training of employees

All new employees must undergo e-learning that ensures knowledge and focus on the correct processing of personal data. With regular intervals, existing employees undergo a short e-learning course to ensure the continued focus on data protection.




Contact

REGARDING CSR
Pernille Fogh Christensen
CSR Responsible