Data Privacy Day is celebrated internationally on January 28. Sebastiaan ter Wee, Aegon Group Chief Privacy Officer, answers five questions on our approach to data privacy and what it means to Aegon.
Question: Why is Data Privacy Day important for companies like Aegon?
Sebastiaan: "We must realize that implementing data privacy protocols just once is not sufficient. The work of respecting and protecting data privacy is never 'done'. It requires constant attention in everything we do. We need to build privacy into the process each time we create a new product, draw up a contract, deploy or decommission an IT service, etc.
"Aegon operates in Europe, the US and Asia and each day our privacy and business teams work hard on abiding by the relevant data privacy regulations in each of our markets.
"The EU has itemized data privacy rights and obligations in the General Data Protection Regulation (GDPR). Although the UK has left the EU, the regulation is retained in domestic law as the 'UK GDPR', while the UK has the independence to keep the framework under review. Several Asian countries have comprehensive privacy laws, and in some cases local laws reflect aspects of the GDPR.
"In the US, similar data privacy rights and obligations are provided through a conglomeration of data protection laws based on jurisdiction, data collected and industry. For example, Transamerica is currently subject to 270 security and privacy laws. Data Privacy Day is an opportunity to reflect on the rights and obligations these laws hold and how we should apply them. We must do so in a holistic way across the company as a change made to one system or activity can impact privacy in another."
Question: Isn't personal data more of a currency rather than a privacy right in this increasingly digital world?
Sebastiaan: "Ownership of personal data rests with individuals, who must be informed how it is used by our company every step of the way. We need to remember that in the EU data privacy isn't purely a legal obligation; it is designated as a fundamental human right. This is how we view our obligations."
Question: Data Privacy Officers are responsible for Aegon's data, right?
Sebastiaan: "We continually emphasize that privacy is the responsibility of everyone in the company. The Privacy teams in the business and the Data Protection Officers are there to monitor compliance and assist with procedures and best practices, but the responsibility starts with each employee who deals with personal data. Data privacy officers can be seen as coaches or referees and our employees are the players on the field."
Question: What aspects are you focusing on in 2022?
Sebastiaan: "Because of the many changes to the legislative landscape, plus the digital and technological advancements, privacy is a moving target. This requires us to step up, be agile and be adaptive, while keeping our strategy as a focal point. Let me focus on two examples, or elements, of our strategy. The first relates to embedding privacy controls and obligations at the beginning of everything we do. We call this Privacy by Design. Amongst others, that means when we are developing, for example, a new application we should ask questions like: Where is our data hosted? Who has access? Why do they have access?
"The second example I would like to call out is that we will be focusing a lot more on the intersection between data management and privacy. Important questions like ‘How do we create data, how and to whom do we give access? How do we manage data? What is the data quality? And what is the governance?’ Basically, we generate data, we manage it properly, and we delete data when there is no longer a business or legal reason to keep it."
Question: How can we help build trust at a time when leaks and abuse of data appear to be common?
Sebastiaan: "In the early days, online companies cast a wide net for data. But now, when you go to buy an electrical gadget online it should be obvious that your gender or relationship status is not relevant! Why would a seller need to know and why would you need to supply this data to buy a toaster, for example?
"We must be very transparent about the data we gather, the reason for doing so, how we use it and how we dispose of it. Also, we have a very important task to keep the data safe. Financial services is still one of the most trusted industries and to maintain this trust, we recognize that protecting customer, employee and other stakeholders’ privacy and being a force for good is the responsibility of everybody in our company."