Frequently Asked Questions on the EU General Data Protection Regulation (GDPR)
On this page you’ll find answers to commonly asked questions, relevant documentation, links to useful external resources, and contact details should you need additional information on the GDPR.
What is the GDPR?
The GDPR will replace the current EU Data Protection Directive 95/46/EC and will be directly applicable in all EU and EEA Member States as of 25 May 2018.
The GDPR will significantly change the EU data protection regulatory landscape, setting stricter requirements, reaching more companies, and imposing potentially higher penalties.
For example, companies must:
- Implement programmatic measures to ensure and actively demonstrate compliance
- Implement appropriate technical and organisational measures to protect the rights of individuals when designing a processing system and processing data
- Conduct data protection impact assessments of high risk processing activities
- Implement privacy by design and by default
- Implement data breach notification
How is Coface preparing for the GDPR?
Coface is committed to the protection of personal data we collect and process, with rigorous policies, controls, and compliance oversight to ensure that data is held and used appropriately.
Coface has established an enterprise-wide GDPR programme, with key executive sponsorship, that covers its impacted subsidiaries and affiliates. Data processing activities that involve data about individuals in the EU are under review, including applications and databases, policies, processes, and procedures to ensure that our employees, partners, and vendors process personal data in compliance with GDPR requirements.
Coface leverages a network of country compliance officers and a Group Compliance team to ensure sustainable compliance with the GDPR going forward.
How will I be affected as a client of Coface?
The GDPR not only applies to organizations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The GDPR may require updates to certain data privacy provisions of client agreements to reflect the changes required by the GDPR. If changes in documentation we have in place with you are needed, we will contact you to provide any new privacy terms or notices that are required.
I am a client of Coface outside the EU. How will I be affected?
The GDPR’s territorial scope of application is wider and may apply to organizations that are not based in the EU but offer goods or services to individuals in the EU and/or monitor the behaviour of individuals in the EU. Coface is reviewing all of its processing activities involving individuals in the EU to determine if the broader territorial scope applies. If applicable, Coface will take the necessary actions, which may include updating Terms and Conditions of business, to reflect the changes required by the GDPR.
Can I see your data privacy policies?
We are working through all our policies and procedures and making updates where necessary to comply with the GDPR.
Coface Privacy Notice is available HERE.
Is there a need for 'explicit' or 'unambiguous' consent - and what is the difference?
Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.
Can I update my documentation now to incorporate GDPR compliant clauses?
We have been actively reviewing our client documentation in light of GDPR and engaging with clients as required. We have drafted Coface Privacy Notice, available shortly for download by clicking on the link below, to inform individuals of their rights and how Coface processes personal information in its provision of services.
if you have additional queries on GDPR implementation, you can:
- reach out to your Coface Client Relationship Manager; or
contact Coface Romania by email at:
- write to 42 Pipera St. - 6th Floor - 020112 - District 2 - Bucharest - ROMANIA
ESSENTIAL GDPR DOCUMENTS FOR COFACE CLIENTS
USEFUL GDPR EXTERNAL RESOURCES