Intesa Sanpaolo pays great attention to the protection of personal data, of people, processes and treatments carried out within its structures, protecting the rights and interests of its customers and its employees.
The aim, even before legal requirements, is to draw more attention and awareness towards the issues of personal data protection, in the various processing stages within the Bank and the companies of the Group. The commitment is addressed to the Group companies and to their involvement in IT and organizational choices on the personal data processing: in-depth analysis of possible threats to the correct processing and confidentiality of data are centrally produced by applying best practices for combating the risks identified. The employees' awareness on these issues is maintained consistently high and is based on a systematic approach in the analysis of the new products designed for customers and the related processes that must comply with Group’s security and privacy policies.
Efforts were increased to raise awareness among its employees, also in view of the imminent entry into force of Regulation (EU) 2016/679 on data protection.
In order to monitor the level of protection and security of personal data, a complex process has long been introduced and is constantly updated, that provides the internal certification basis of the service approach for the protection of personal data at the Group level, aimed at continuous improvement.
Essential is the effort aimed at raising awareness among the employees on the precaution which, already ingrained in the customary banking activities, represents the very essence of personal data protection: the training upgrade is intended in general to all the employees and in particular, according to the different needs, to the staff that covers specific roles.
The following activities are kept under constant monitoring:
analysis, in terms of personal data protection, of new products or initiatives carried out by the Group banks;
processing of customers’ requests with regards to the right of access to their data or pertaining to complaints on the subject.