The impact of the area of personal data protection on the sustainability of the company:
In the financial industry, the protection of personal data is one of the key elements necessary for a stable and responsible business. Through our activities in the area of data protection, we ensure that our customer relationships are based on respect for privacy principles, that we increase confidence in the debt market and contribute to greater public awareness of this area.
At the same time, we understand that it is our duty to look after the interests not only of the KRUK Group, but also of the individuals whose data we process.
At the KRUK Group, we have implemented the GDPR Strategy, which is part of the ESG Strategy 2023-2027. The GDPR Strategy defines five objectives for 2023-2027:
- Strengthening the principle of privacy by design and privacy by default, in particular for projects related to new technologies and digitalisation, so that privacy is firmly embedded in the processes and systems operating in our organisation.
- Engaging in dialogue with industry organisations and authorities in order to shape and promote high standards in the field of GDPR compliance and the rights and freedoms of data subjects.
- Fostering a culture of Data Privacy and Data Protection at the KRUK Group by implementing training and other privacy awareness activities.
- Effective execution of the Data Privacy Programme, implemented, inter alia, through consistent regulation in policies and instructions of individual areas of risk management of personal data processing, both at the group and local level.
- Continuous improvement of the risk-based approach adopted at the KRUK Group, in particular with regard to managing the risk of non-compliance with GDPR as well as managing the risk of violation of the rights and freedoms of persons whose data we process.
As part of the five objectives of the GDPR Strategy for 2023-2027, we have developed indicators for their revision, which will ensure that the strategy's implementation is measurable.
At the KRUK Group, we have also implemented a Privacy Protection Programme, which includes policies, instructions, contract templates and other internal regulations, most importantly the Personal Data Management Policy, which aims to ensure the effective protection of the rights or freedoms of individuals by formalising rules and procedures concerning the processing of personal data and providing guarantees for the implementation of appropriate technical and organisational measures.
In addition, as far as the protection of personal data is concerned, we have implemented regulations concerning, among other things:
- risk management of personal data processing;
- entrustment of personal data processing and relations with processors;
- personal data processing incidents, including IT incidents;
- handling personal data breaches;
- methodology for conducting GDPR audits;
- fulfilling information obligations;
and many others regulating in detail the principles of personal data processing in particular areas of the KRUK Group's operations.
In implementing the GDPR Strategy and applying the implemented risk management system, we are driven by legal obligations, regulatory guidelines and ethical principles, and we take into account the scale and complexity of our operations. In doing so, we aim to protect the personal data of our clients and other persons whose data we process from the negative consequences of a breach of their data security, to protect the KRUK Group from losses and operational downtime, and to reduce reputational risks and the risk of financial penalties. The right to privacy is one of the fundamental human rights, so it is our priority that respect for it is firmly embedded in the DNA of our organisation.
We believe that our actions in this regard make a measurable contribution to increasing the trust of our clients, business partners, employees and shareholders and to creating sustainable products and services in the debt management sector.