Storing of personal data

How does Coor secure that the handling of personal data is compliant with the new data protection regulation?

There is an extensive work going on within Coor, to secure that the basic purpose of the new data protection regulation (”GDPR”) is fulfilled – that is to see to that the data subject receives information enough to understand how Coor processes the data subject’s personal data and to give the data subject the right to determine the extent of such processing as well as to control that the data is correct. Everyone that processes personal data will have to take an active responsibility to secure that the new regulations, some new and some more extensive than today, are followed and also be able to show this.

Coor is well prepared to handle the increased demands and runs a comprehensive GDPR-project within each country as well as on group level, that addresses the demands in GDPR with updated processes, routines, IT-support, information and education. Coors GDPR-project does not only cover personal data related to Coors own organisation, but also the personal data that Coor processes on behalf of Coors customers.

GDPR-related activities is followed up by Coors executive management team and is reported on a regular basis on national as well as group level to secure timely progress.

The project analysis and evaluates the effects of the GDPR on the business and Coor has taken, and will take further, actions based on these assessments and which are defined as necessary and desirable to fulfil new and extended requirements. Coor is doing this by inter alia updating Coors internal frame work on how personal data can and has to be processed to increase the whole organisations competence and awareness on this important subject.

When planning a new processing of personal data, that implies specific risks for the data subjects, an assessment shall be made regarding the possible impact that such a processing could have on the data subjects and what actions that is needed to mitigate such risks (data protection impact assessment). Coor has implemented processes and tools to handle this.

GDPR further includes requirement on built in privacy (”privacy by design”). This means that every new service or business process that is using personal data will have to consider the protection needed for such data and include functions that supports this. This is also handled within frame of the GDPR-project.

Coor is also working together with its IT-suppliers as regards security when handling personal data as well as other information.