ING Binding Corporate Rules Quiz

Questions and Answers

What do the Binding Corporate Rules (BCR) aim to protect?

• Only business partner data
• Only client and supplier data
• Client, supplier, business partner, and employee data (correct)
• Only employee data

Which document is not part of ING's Binding Corporate Rules?

• Global Data Protection Policy for Employee Data
• Global Data Protection Policy for Supplier Data
• Global Data Protection Policy for Client Data
• Global Personal Data Protection Internal Policy (correct)

Who approves the Binding Corporate Rules documents?

• The ING Board of Directors
• Local government agencies
• Client representatives
• The Dutch Data Protection Authority (correct)

Where can individuals find ING’s Global Data Protection Policies?

on ing.com and publicly available (B)

What is a component of ING's internal policies?

Global Personal Data Protection Process Control Standard (B)

What is the primary role of the data protection executive (DPE) office?

To address questions related to personal data (A)

Which regulation does the DPE office help ensure compliance with?

GDPR (B)

What is one of the activities managed by the DPE office regarding data breaches?

Coordinating actions around data breaches (A)

Who does the DPE office support in relation to data protection?

Business unit data protection executives (BU DPE) (D)

What should you do if you have questions about personal data?

Familiarize yourself with the local DPE (A)

What does ING's binding corporate rules (BCR) agreement require?

To apply GDPR principles globally unless local law requires otherwise (A)

What internal policy does ING have to manage personal data protection?

Global Personal Data Protection Policy (GPDP) (B)

Which regulation must ING comply with regarding personal data?

EU General Data Protection Regulation (GDPR) (A)

What is the primary commitment of ING when handling personal data?

To handle data in a manner consistent with the expectations of individuals (A)

Why is ING subject to multiple data protection laws?

Due to its global banking operations and local regulations (B)

Who is responsible for complying with and implementing the GDPR policy within a business unit?

Chief Operating Officer (C)

Where can you find the data protection contact list at ING?

On ING Today (A)

What is the global accountability level for the bank's Data Protection Executive (DPE)?

Management Board Banking (A)

Which role is filled by the Business Unit Data Protection Executive (BU DPE)?

Chief Operating Officer (A)

What are the BU DPE's responsibilities regarding data protection?

Complying with GDPR policy and BCR (B)

Why is it important to protect personal data?

It is the right thing to do. (B)

What does the global code of conduct at ING demand?

To protect personal data. (A)

What should employees at ING do regarding personal data?

Take ownership and be vigilant. (B)

Which of the following best describes the approach ING takes towards personal data protection?

It involves collaboration and adherence to values. (C)

What are employees encouraged to utilize within ING to support data protection?

Policies, departments, and people. (C)

What is the primary responsibility of the business unit data protection officer (BU DPO)?

To provide advice and challenge on personal data processing (D)

Who is the primary point of contact for the Data Protection Authority?

The bank DPO (C)

What does the DPO monitor compliance with?

GDPR, BCR, and local data protection requirements (D)

What role does the global bank DPO hold?

They advise on cross-border data protection issues (C)

Flashcards

ING's data handling

ING handles personal data in line with data protection laws and regulations, including GDPR.

GDPR

A set of EU rules for protecting personal data.

Global Personal Data Protection Policy (GPDP)

ING's internal policy outlining data protection obligations and risks.

Legal Binding Corporate Rules (BCR)

ING's agreement to apply key GDPR principles globally.

GDPP (internal)

ING's internal name for the BCR agreement, which globally applies the main principles of GDPR.

Binding Corporate Rules (BCR)

ING's legal agreement that protects client, supplier, partner, and employee data.

Global Data Protection Policy (GDPP)

ING's policy for protecting data of clients, suppliers, business partners and employees.

Global Data Protection Policies for Employees

Specific rules for protecting ING employees' data.

Global Internal Policies

ING's internal rules covering personal data protection.

Global Personal Data Protection Process Control Standard (PCS)

ING's standard for enforcing data protection procedures.

Who handles data protection in each business unit?

The Business Unit Data Protection Executive (BU DPE) is responsible for ensuring the business unit complies with data protection laws and internal policies like GDPR and the BCR.

Who is the BU DPE?

The BU DPE role is typically filled by the Chief Operating Officer (COO) of the business unit.

Who holds overall responsibility for data protection globally?

The bank's Data Protection Executive (DPE) has global accountability. This role is fulfilled by the bank's COO at the Management Board Banking (MBB) level.

What two policies impact each business unit?

The Business Unit Data Protection Executive (BU DPE) is responsible for complying with and implementing the GDPR policy and the BCR within the business unit.

What is the BCR?

The Legal Binding Corporate Rules (BCR) is ING's agreement to apply key GDPR principles globally. This internal agreement ensures consistent data protection standards across all ING locations.

DPE Office

The DPE office oversees data protection compliance within an organization, acting as a central point of contact for data protection-related questions and concerns.

What does the DPE office do?

The DPE office coordinates actions related to data breaches, monitors processing of personal data, and helps business units conduct data protection impact assessments.

Data Breach

A data breach occurs when personal information is accidentally or intentionally accessed, used or disclosed without proper authorization.

Data Protection Impact Assessment (DPIA)

A DPIA evaluates the risks to individuals' privacy posed by a new or existing data processing activity.

Business Unit Data Protection Executive (BU DPE)

The BU DPE is responsible for data protection within a specific business unit or department, often collaborating with the central DPE office.

Business Unit DPO

Responsible for advising and ensuring their business unit complies with data protection rules like the GDPR and BCR.

Bank DPO

Focuses on cross-border data issues and oversees compliance across ING globally.

DPO's Role

Part of ING's risk function, they ensure compliance with data protection laws and regulations.

DPO as Contact Point

The single point of contact for Data Protection Authorities for any inquiries about data protection.

Data Protection: More than just law

Protecting personal data is not only a legal obligation, but also a moral responsibility towards individuals whose data ING processes.

ING's Values and Data Protection

ING's values, like honesty, prudence, and responsibility, align with the importance of protecting personal data.

Global Code of Conduct: Data Protection

ING's global code of conduct explicitly states the obligation to protect personal data, reinforcing its importance.

Ownership in Data Protection

Taking ownership means being proactive and vigilant in protecting personal data, knowing that ING provides resources and support.

Data Protection Support

ING offers various policies, departments, and personnel to assist employees in upholding data protection standards.