THE GENERAL DATA PROTECTION REGULATION (GDPR) AND DEBT RECOVERY

On 25 May 2018, the General Data Protection Regulation (GDPR) will come into effect. It’s designed to better protect the privacy of European citizens, but what are its implications for debt recovery companies?

Before the GDPR

Belgian debt recovery companies and members of the ABR-BVI like TCM were bound not only by the Law of 8 December 1992 on the protection of privacy, but also by the code of ethics of this association as well as the FENCA code.

As of 25 May 2018

In fact, there will be no major changes to the way we operate. We will need to continue to:

• Only process data useful for our work (e.g. name and address)
• Not process or save sensitive data which is unnecessary for our work (e.g. information on political or religious views or regarding ethnicity or health)
• Ensure that the processing of this data is secure, i.e. not accessible by unauthorised persons. In this regard, TCM uses secure systems and secure transfer methods
• Not sell or pass on this data unless it’s necessary for our work or if we’re obliged to do so by law
• Inform individuals who request the data we have on them and correct or delete this data when required
• Not unnecessarily retain data on a person after their debts have been settled.

As of 25 May 2018, two new elements are being added to the legal requirements:

Carrying out an impact analysis for risky processing activities

If a planned processing operation involving personal data presents a high risk to the rights and freedoms of natural persons, we will be required to carry out an impact analysis. This applies to IT development in particular.

In fact, at TCM, we’ve always taken the protection of personal data into account for this type of processing, so this new legal requirement is already second nature to us.

Appointing a data protection officer

A company such as ours that processes huge amounts of personal data will be required to designate a data protection officer who will serve as the company’s contact for the data protection authorities. They will also be responsible for informing and advising on data and controlling its flow within the company. TCM has designated its CEO, Etienne van der Vaeren, for this role, for the time being and until this task is taken care of by someone else.

The ABR-BVI code

Our professional body, the ABR-BVI, has modified its ethical code and added a new code of ‘Minimum standards for privacy protection policies’ in order to reflect the new legislation. Of course, TCM observes this code.

Conclusion

We’re ready for 25 May 2018 and are already applying the new standards.

If you have any questions about what TCM can do for you, feel free to contact us at sales@tcm.be. We’re here to help.

THE GENERAL DATA PROTECTION REGULATION (GDPR) AND DEBT RECOVERY

On 25 May 2018, the General Data Protection Regulation (GDPR) will come into effect. It’s designed to better protect the privacy of European citizens, but what are its implications for debt recovery companies?

Before the GDPR

Belgian debt recovery companies and members of the ABR-BVI like TCM were bound not only by the Law of 8 December 1992 on the protection of privacy, but also by the code of ethics of this association as well as the FENCA code.

As of 25 May 2018

In fact, there will be no major changes to the way we operate. We will need to continue to:

• Only process data useful for our work (e.g. name and address)
• Not process or save sensitive data which is unnecessary for our work (e.g. information on political or religious views or regarding ethnicity or health)
• Ensure that the processing of this data is secure, i.e. not accessible by unauthorised persons. In this regard, TCM uses secure systems and secure transfer methods
• Not sell or pass on this data unless it’s necessary for our work or if we’re obliged to do so by law
• Inform individuals who request the data we have on them and correct or delete this data when required
• Not unnecessarily retain data on a person after their debts have been settled.

As of 25 May 2018, two new elements are being added to the legal requirements:

Carrying out an impact analysis for risky processing activities

If a planned processing operation involving personal data presents a high risk to the rights and freedoms of natural persons, we will be required to carry out an impact analysis. This applies to IT development in particular.

In fact, at TCM, we’ve always taken the protection of personal data into account for this type of processing, so this new legal requirement is already second nature to us.

Appointing a data protection officer

A company such as ours that processes huge amounts of personal data will be required to designate a data protection officer who will serve as the company’s contact for the data protection authorities. They will also be responsible for informing and advising on data and controlling its flow within the company. TCM has designated its CEO, Etienne van der Vaeren, for this role, for the time being and until this task is taken care of by someone else.

The ABR-BVI code

Our professional body, the ABR-BVI, has modified its ethical code and added a new code of ‘Minimum standards for privacy protection policies’ in order to reflect the new legislation. Of course, TCM observes this code.

Conclusion

We’re ready for 25 May 2018 and are already applying the new standards.

If you have any questions about what TCM can do for you, feel free to contact us at sales@tcm.be. We’re here to help.