GDPR: General Data Protection Regulation

In the digital age, data is ubiquitous and is now at the centre of the value chain of companies. This is why their protection has become a fundamental issue. Thus, companies are required to comply with the new regulations of the European Union on confidentiality and processing of personal data (the General Data Protection Regulations, GDPR) since 25 May 2018, under penalty of sanction. What influence does the GDPR have on businesses and customers?

  • in force from 25 May 2018 for all companies processing personal data of EU residents;
  • strengthening the control of individuals over the processing of their personal data;
  • the possibility for private individuals to request a right of access, rectification, objection and, where appropriate, the deletion of their personal data.

The GDPR was developed to “harmonize data privacy laws in Europe, protect and enhance the privacy of data of all EU citizens and reshape the way organisations treat data privacy in the Union”.

In other words, it prepares the EU Member States for the digital age.

The GDPR, published in May 2016 by the European Commission, grants all companies (not only private companies, but also hospitals, local authorities and a whole host of other institutions) that process personal data in the framework of activities in the EU territory or relating to persons within the EU territory, a period of two years to comply.

The GDPR, which replaces the old Data Protection Directive, governs the processing of personal data.

"Processing" includes the collection, organisation, storage, use, consultation, modification, transmission and deletion of data, which may belong to customers, employees or suppliers. This data includes, among other things, customer transaction information, contact details, passport copies, etc.

Consumers have more transparency and control since they are better informed of when and why companies are processing their data and can exercise their individual rights on the basis of this more complete information.

ING and you. Keeping your data protected is all about collaboration.

At ING Luxembourg, we use all possible means to guarantee that your personal data is processed in accordance with this regulation and in a way that protects your privacy.

As a result, we have updated the privacy policies for our customers, business partners, and employees to ensure a consistent approach to personal data across the entire enterprise.

The privacy statement clearly sets out the types of personal data we collect, the identities of those to whom we transmit them, the rights individuals have over their data, and the methods of exercising these rights.

These include in particular the right to know which data ING (or any other organisation) holds and processes about you, the right to oppose their processing or to limit it with respect to certain applications, and the right to correct erroneous information. 

You also have the possibility to choose the type of communication that you wish to receive from us: communication by email, receipt of commercial offers or personalized information, alerts etc.

To do this, simply go to your Online Banking My ING > My personal data > my consents or visit a branch to view or change your consent settings.

For more information on the processing of your personal data and your rights, please refer to the Bank’s “Privacy Statement”. For any question concerning your personal data, you can contact your Data Protection Officer (DPO) at the following address: dpo@ing.lu.

How can we help?

Call us

Monday to Friday from 8:15 am to 5:30 pm.

Send us an email

Send your request to our Contact Center.

Visit us

A complete network of ING branches for your convenience.

Make an appointment

Book an appointment in just a few clicks.