The latest insights on fraud, risk & compliance: 'fresh from the FRISS Lab'
11 December 2017

How The GDPR Affects Insurers

The upcoming GDPR is hot. But what exactly does it mean for insurance companies? We’re meeting with privacy specialists Sander van de Molen and Michel Gielbert from SmartMirrors.

Hi there. We’re here to interrupt your privacy for a moment, if that’s okay.
Hi guys. Welcome to SmartMirrors.

The new GDPR, how important is it?

Very important. On the one hand it seems nothing has changed. Companies just have to comply with laws and regulations. But on the other hand the new GDPR really changed a lot. The impact on companies that are processing data is really tremendous.

We’re supporting a company that has a few hundred systems in place. And only for a few of them do they actually know what data runs through them. That’s a major risk.

So why is the impact of the GDPR so huge?

Because the new legislation, the GDPR, or AVG in Dutch, contains a lot of changes. Two of the major changes are: firstly, the company has to build and maintain a data register. Secondly, the company is accountable for being able to show compliance, meaning they have to use a control framework.

What do you encounter in daily practice?

What we see now is that a lot of companies didn’t pay attention to privacy regulation before, meaning that now they’re facing a huge gap they have to close before next year.

Let me illustrate this by an example.

When people first used mobile phones in the car, they weren’t calling handsfree. This was clearly dangerous. People were distracted and it caused a lot of accidents. So people needed protection. The result was new legislation. It is now forbidden to use the phone except handsfree. You need a device, a framework or carkit to ensure you’re able to call in a safe way.

If you’re caught now or caught in accidents the fines are really high and it can even put you out of business.

So new legislation, more obligations, increased supervising and higher risks.

Is it all about IT?

I think that is one of the most common misunderstandings. Improving your processes and the awareness of your personnel are just as important.

Do you have any final words that could make privacy a bit more sexy?

As we see it, privacy should be seen as a business enabler, not as a showstopper.
Therefore our quote is: Data is the new gold, as long as you consider privacy by default.
