At NIS, our main mission is to be able to deliver the best software solutions to the insurance industry. We believe that the protection of our customers’ and their end users’ data is fundamental to this mission. Thus, when the General Data Protection Regulation comes into effect on May 25, NIS is fully prepared to comply with the regulations.
GDPR in short
The General Data Protection Regulation is a set of rules and requirements aimed at protecting personal data held by businesses and other organizations. It aims to strengthen and unify data protection for all individuals residing within the European Union. This regulation also concerns the export of data outside the EU, which means that any country – anywhere in the world – will need to comply if they process European data.
The new regulations define additional requirements for organizations to protect personal data. These requirements include but are not limited to implementing certain policies and processes, developing an effective internal data protection management system and appointing a data protection officer.
Businesses are required to initially comply with the GDPR, but also need to demonstrate continued compliance and be able to report on their data processing.
NIS compliance with GDPR
Reliability and safe handling of our customers’ personal data have long been a high priority in the development of our applications. Thus, at NIS we work with IT security at a business-strategic level and make a constant effort to ensure a high level of quality. Through our security policy, the management also prioritizes IT security as an essential part of our business culture.
In connection with our IT security strategy, we have chosen to set ISO 27002:2013 as our starting point, and have thus used the ISO method to implement an ISMS (Information Security Management System) framework. This framework includes a requirement for detailed documentation of IT policy and procedures. In addition, we are audited according to ISAE 3402. This is a standard for documenting that the internal controls of our information security are adequate.
For our software as well as for all our internal policies and processes, appropriate action has been taken in order to meet the new regulations and to help our customers comply with the GDPR.
Acturis has appointed a group Data Protection Officer who is responsible for advising us about compliance with EU GDPR requirements.