As an insurance and pensions company, we gather large amounts of information and personal data, including sensitive information such as health details on our customers. This is also the case for injured persons covered by our insurances.

We solely use the information to service and for claims handling. We do not sell data. The customers can always get insight into which information we have on them.

Processing personal data implies various risks which can be negative for the customers’ right to privacy such as the risk of data breach. A data breach can happen e.g. if we send information to the wrong customer or by other means accidental leak of personal data.

We take this risk very seriously, and therefore, we have implemented a comprehensive management system for data protection in addition to a policy on how to handle personal data. Furthermore, we have strict requirements to our data security.

Topdanmark continuously evaluates the processes for our data processing, thus we have a high level of protection of personal data. Our DPO continuously controls that the processes are complied with, and that the employees know how data breaches are detected.

Data breaches are reported internally, handeled, and reported externally to the Danish Data Protection Agency in accordance with the rules on reporting of data breaches.

It is Topdanmark’s objective to reduce the number of data breaches to as close to non as possible, and to avoid data breaches so severe that they should be reported to the Danish Data Protection Agency.

In the event of a serious data breach, we notify the aggrieved parties. When relevant, we offer the aggrieved parties our assistance in limiting the implications of any misuse of the information. Data breaches are evaluated continuously to update our processes and IT systems to ensure that it will not happen again.

We comply with the legislation in force on processing of personal data, and we have implemented  the general data protection regulation (the GDPR). We ensure that the data is stored and processed in a manner that does not challenge the customers’ right to privacy.  

We have IT systems that ensure:

• That the personal data is up-to-date
• That the personal data is not distorted
• That the personal data is deleted when no longer relevant
• That the personal data is not accessed by unauthorised persons

We only disclose customer information related to management of insurances, primarily to collaboration partners and other insurance companies. Topdanmark does not sell customer information.

Topdanmark imposes legally binding technical and organisational safety requirements to all main outsourcing suppliers and their sub-suppliers.

Topdanmark’s Board of Directors has adopted a policy on the overall requirements on Topdanmark’s use of personal data. These requirements are integrated in all the processes we have for data processing to ensure that our employees know how to handle customer information.

We have processes for mapping and risk assessment of data processing. In addition, we carry out risk assessments on external data processors which are e.g. used in relation to claims handling. Our Compliance department continuously control that the data processors comply with Topdanmark’s security requirements.

Read more about how we process personal data 

All new employees must undergo e-learning that ensures knowledge and focus on the correct processing of personal data. With regular intervals, existing employees undergo a short e-learning course to ensure the continued focus on data protection.