Non-financial report

Data protection

Our professional and personal daily lives are hard to imagine without the constant exchange of data. Data protection has become a fundamental right. In specific terms, it involves protecting personal data and the individuals these data relate to from misuse during the collection, processing and use of these data. This is governed by the General Data Protection Regulation (GDPR) and national laws in force in Europe. In order to ensure compliance with the stringent data protection requirements in place, UNIQA has established its own data protection organisation (Data Protection Governance) within the company. Its aim is to ensure the protection of personal data by implementing an efficient data protection management system (DPMS) and to safeguard a continuous improvement process based on a risk management system.

The Data Protection Officer reports directly to the Management Board, working as the second line of defence to monitor both compliance with data protection provisions in the company and the first line of defence. The Data Protection Officer does not take any instructions in this role. Meetings between the local Data Protection committees are held on a quarterly basis.

A Data Protection Coordinator is appointed in each department. These individuals act as the first point of contact for any data protection matters within the department and support the data owners in advising on projects and responding to specific questions, for example. In order to provide more efficient support to the first line of defence as well as for project consulting purposes, the Data Protection Operations department was added alongside the existing Data Protection Legal department in 2021. Both units advise on data protection issues and the technical and organisational issues required for this purpose. Furthermore, they provide support with regard to updating the record of processing activities and handling data breaches. They also act as an interface for internal and external customers in relation to queries that require inter-disciplinary data protection expertise (i.e. data protection and data security).

Targets and target achievement – Data protection

Topic

Target achievement in 2021

Targets for 2022

Implementation of Data Protection Governance

Data protection is an inter-disciplinary issue and requires cross-subject expertise and appropriate interfaces to provide advice. A data protection organisation (Data Protection Governance) was therefore established within the company and extended in 2021 to include the Data Protection Operations department. Our objective in 2021 was to commence the gradual implementation of the new governance system for data protection at UNIQA.

We continued to implement the new governance system for data protection in 2021 and have now completed this work.

Expansion of data protection management system

In order to be able to fulfil the accountability obligations arising from GDPR and the associated documentation requirements, there is a continuous need for processes to implement data protection measures in the company.

The target set for 2022 is to ensure the protection of personal data by implementing an efficient data protection management system (DPMS) and to safeguard a continuous improvement process based on a risk management system.