THE GENERAL DATA PROTECTION REGULATION (GDPR) AND DEBT RECOVERY

On 25 May 2018, theGeneral Data Protection Regulation(GDPR) will come into effect. It’s designed to better protect theprivacyofEuropean citizens, but what are its implications fordebt recovery companies?

Before the GDPR

Belgian debt recovery companiesand members ofthe ABR-BVIlikeTCMwere bound not only by the Law of 8 December 1992 on the protection of privacy, but also by the code of ethics of this association as well as theFENCAcode.

As of 25 May 2018

In fact, there will be no major changes to the way we operate. We will need to continue to:

• Only processdata usefulfor our work (e.g. name and address)
• Not process or savesensitive datawhich isunnecessaryfor our work (e.g. information on political or religious views or regarding ethnicity or health)
• Ensure that the processing of this data is secure, i.e. not accessible by unauthorised persons. In this regard,TCMuses securesystemsandsecuretransfer methods
• Not sell or pass on this data unless it’s necessary for our work or if we’re obliged to do so by law
• Inform individuals who request the data we have on them andcorrect or delete this datawhen required
• Not unnecessarily retain data on a person after theirdebtshave been settled.

As of 25 May 2018, two new elements are being added to the legal requirements:

Carrying out an impact analysis for risky processing activities

If a plannedprocessing operation involving personal datapresents a high risk to the rights and freedoms of natural persons, we will be required to carry out an impact analysis. This applies to IT development in particular. In fact, atTCM, we’ve always taken the protection of personal data into account for this type of processing, so this new legal requirement is already second nature to us.

Appointing a data protection officer

A company such as ours that processes huge amounts ofpersonal datawill be required to designate adata protection officerwho will serve as the company’s contact for the data protection authorities. They will also be responsible for informing and advising on data and controlling its flow within the company.TCMhas designated its CEO, Etienne van der Vaeren, for this role, for the time being and until this task is taken care of by someone else.

The ABR-BVI code

Our professional body, theABR-BVI, has modified its ethical code and added a new code of ‘Minimum standards for privacy protection policies’ in order to reflect the new legislation. Of course,TCMobserves this code.

Conclusion

We’re ready for 25 May 2018 and are already applying thenew standards. If you have any questions about whatTCMcan do for you, feel free to contact us atsales@tcm.be. We’re here to help.

THE GENERAL DATA PROTECTION REGULATION (GDPR) AND DEBT RECOVERY

On 25 May 2018, theGeneral Data Protection Regulation(GDPR) will come into effect. It’s designed to better protect theprivacyofEuropean citizens, but what are its implications fordebt recovery companies?

Before the GDPR

Belgian debt recovery companiesand members ofthe ABR-BVIlikeTCMwere bound not only by the Law of 8 December 1992 on the protection of privacy, but also by the code of ethics of this association as well as theFENCAcode.

As of 25 May 2018

In fact, there will be no major changes to the way we operate. We will need to continue to:

• Only processdata usefulfor our work (e.g. name and address)
• Not process or savesensitive datawhich isunnecessaryfor our work (e.g. information on political or religious views or regarding ethnicity or health)
• Ensure that the processing of this data is secure, i.e. not accessible by unauthorised persons. In this regard,TCMuses securesystemsandsecuretransfer methods
• Not sell or pass on this data unless it’s necessary for our work or if we’re obliged to do so by law
• Inform individuals who request the data we have on them andcorrect or delete this datawhen required
• Not unnecessarily retain data on a person after theirdebtshave been settled.

As of 25 May 2018, two new elements are being added to the legal requirements:

Carrying out an impact analysis for risky processing activities

If a plannedprocessing operation involving personal datapresents a high risk to the rights and freedoms of natural persons, we will be required to carry out an impact analysis. This applies to IT development in particular. In fact, atTCM, we’ve always taken the protection of personal data into account for this type of processing, so this new legal requirement is already second nature to us.

Appointing a data protection officer

A company such as ours that processes huge amounts ofpersonal datawill be required to designate adata protection officerwho will serve as the company’s contact for the data protection authorities. They will also be responsible for informing and advising on data and controlling its flow within the company.TCMhas designated its CEO, Etienne van der Vaeren, for this role, for the time being and until this task is taken care of by someone else.

The ABR-BVI code

Our professional body, theABR-BVI, has modified its ethical code and added a new code of ‘Minimum standards for privacy protection policies’ in order to reflect the new legislation. Of course,TCMobserves this code.

Conclusion

We’re ready for 25 May 2018 and are already applying thenew standards. If you have any questions about whatTCMcan do for you, feel free to contact us atsales@tcm.be. We’re here to help.