Handling of personal data at Coor
How does Coor secure that the handling of personal data is compliant with data protection regulation?
Coor has carried out an extensive work to secure that the basic purpose of the general data protection regulation ("GDPR") is fulfilled - that is to see to that data subjects receive information enough to understand how Coor processes data subjects' personal data and to give data subjects the right to determine the extent of such processing as well as to control that the data is correct. Everyone that processes personal data will have to take an active responsibility to secure that the data protection regulations, some new and some more extensive than earlier, are followed and also be able to show this.
Coor is well prepared to handle the increased demands and has carried out a comprehensive GDPR-project within each country as well as on group level, that has addressed the demands in GDPR with updated processes, routines, IT-support, information and education. Coors GDPR-project has not only covered personal data related to Coors own organisation, but also the personal data that Coor processes on behalf of Coors customers.
After the implementation of the project, GDPR-related activities are continuously followed up by Coors executive management team. This is reported on a regular basis on national as well as group level to secure that Coor is compliant with GDPR. There is also an organisation within Coor that is responsible for securing compliance with GDPR over time, which among other things include a data protection officer for group-wide data protection issues as well as responsible in each respective country. The data protection officer can be contacted via GDPR@coor.com.
When planning a new processing of personal data, that implies specific risks for the data subjects, an assessment shall be made regarding the possible impact that such a processing could have on the data subjects and actions that are needed to mitigate such risks (data protection impact assessment). Coor has implemented processes and tools to handle this.
GDPR also includes requirement on built in privacy ("privacy by design"). This means that every new service or business process which include that Coor processes personal data, will have to consider the protection needed for such data and include functions that supports this.
Coor has also worked together with its IT-suppliers as regards security when handling personal data as well as other information.