Financial Services

Cerved - Privacy Compliance

Cerved supports businesses, banks and institutions to protect themselves from risk and grow sustainably. The use of Blindata enabled the mapping of all the elements required for the management of the Record of Processing Activities.

Cerved cover image

Summary

Cerved supports businesses, banks and institutions to protect themselves from risk and grow sustainably. With a unique heritage of data, it provides services and digital platforms to manage risks and support growth, including advisory solutions. Through Cerved Credit Management Group it helps to dispose of impaired loans and with Cerved Rating Agency it offers creditworthiness and debt issuance ratings.

In September 2021, Cerved Group Spa joined ION Group, one of the largest FinTech players on the worldwide market, following the Public Purchase Offer on Cerved’s capital.

Goals

  • Centralized definition of processing mapping policies
  • Distributed management of the collection of required information

The huge amount of data managed by Cerved represents the main asset on which the group has built its business. A significant part of the data consists of personal information, therefore subject to privacy legislation. With the entry into force of the GDPR and to guarantee data subjects the correct processing of their personal data, the group has profoundly revised its procedures and tools. Not an easy challenge, given the complexity of the corporate structure, the different types of services provided and consequently the data collected and produced.

Cerved Group faced the challenge by establishing a set of objectives:

Different companies in the group need autonomy in defining the purposes of processing activities, while it is important that some aspects (such as security measures) are defined centrally, to ensure uniformity in management and consistency with group policies.

While the mapping of processes must be delegated to individual companies, updates must be carried out, where necessary and useful, centrally and massively.

Different roles are involved in maintaining process mapping, this necessitates a process for tracking changes and managing approvals.

In a dynamic environment, whether due to the continuous improvement of services offered or the expansion of the group’s offerings and structure, the processings performed change with considerable frequency. It is therefore necessary to keep track of the changes undergone by treatments over time.

Companies in the group act, depending on the situation, as Data Controllers, independently deciding what processing to perform on personal data, or as Data Processors, operating on personal data on behalf of the Data Controller, typically a customer of the company. The information in the processing register must respect the specific role played by the company.

Solution

Testimonials left quote

Blindata represents the centralized solution that allows us to keep the RoPA up-to-date with a level of detail appropriate to the needs of Data Driven companies such as those belonging to the Cerved group. It is not just a matter of formal fulfillment of producing a piece of paper, but of being able to navigate the information, update it quickly where necessary, keep track of changes, and be able to delegate the collection of information to the structures that know the processes best.

Andrea Beretta - IT Security & Risk Compliance

Testimonials right quote

The use of Blindata enabled the mapping of all the elements required for RoPA management.

The production of the final document, in PDF format, versioned and archived within the platform, simply represents the documentation of a detailed and constantly maintained mapping process.

All tracked information is easily queried from the application interface, via dedicated menus, or using the Privacy Graph, which is a special feature of Blindata.

An extensive definition of Roles and Teams, management of access and modification permissions, change approval workflow, and campaigns to collect updated information allow Cerved Group to promptly and efficiently manage the processing of personal data.