Intesa Sanpaolo pays great attention to the protection of people, personal data, processes and material assets treated within its structures, protecting the rights and interests of its employees and its customers. The aim, even before legal requirements, is to draw more attention and awareness towards the issues of personal data protection, in the various processing stages within the Bank and the companies of the Group.
The commitment is also addressed to the Group companies and to their involvement in IT and organizational choices on the processing of personal data: in-depth analysis of possible threats to correct processing and confidentiality of data are centrally produced by applying best practices for combating the risks identified. The employees' sensitisation on these issues was increased in relation to the entry into force of some specific measures taken by the Italian Data Protection Authority.
In order to monitor the level of protection and security of personal data, a complex process has long been introduced and is constantly updated, that provides the internal certification basis of the service approach for the protection of personal data at the Group level, aimed at continuous improvement.
Essential is the effort aimed at raising awareness among the employees on the precaution which, already ingrained in the customary banking activities, represents the very essence of personal data protection: the training upgrade is intended in general to all the employees and in particular, according to the different needs, to the staff that covers specific roles.
The following activities are kept under constant monitoring:
analysis, in terms of personal data protection, of new products or initiatives carried out by the Group banks;
processing of customers’ requests with regards to the right of access to their data or pertaining to complaints on the subject.