Data protection

The EU General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
On this page you’ll find answers to commonly asked questions, relevant documentation, links to useful external resources, and contact details should you need additional information on the GDPR.


What is the GDPR?
The GDPR replaces the current EU Data Protection Directive 95/46/EC and is directly applicable in all EU and EEA Member States as of 25 May 2018.
The GDPR significantly changes the EU data protection regulatory landscape, setting stricter requirements, reaching more companies, and imposing potentially higher penalties.  For example, companies must:
  • Implement programmatic measures to ensure and actively demonstrate compliance
  • Implement appropriate technical and organizational measures to protect the rights of individuals when designing a processing system and processing data
  • Conduct data protection impact assessments of high risk processing activities
  • Implement privacy by design and by default
  • Implement data breach notification
Coface and GDPR
Coface is committed to the protection of personal data we collect and process, with rigorous policies, controls, and compliance oversight to ensure that data is held and used appropriately.
Coface has established an enterprise-wide GDPR programme, with key executive sponsorship, that covers its impacted subsidiaries and affiliates. Data processing activities that involve data about individuals in the EU are under review, including applications and databases, policies, processes, and procedures to ensure that our employees, partners, and vendors process personal data in compliance with GDPR requirements.
Coface leverages a network of national correspondents and a Group dedicated team to ensure sustainable compliance with the GDPR going forward.
How I am affected as a client of Coface?
The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
The GDPR may require updates to certain data privacy provisions of client agreements to reflect the changes required by the GDPR.  If changes in documentation we have in place with you are needed, we will contact you to provide any new privacy terms or notices that are required.
I am a client of Coface outside the EU. How I am affected?
The GDPR’s territorial scope of application is wider and may apply to organizations that are not based in the EU but offer goods or services to individuals in the EU and/or monitor the behavior of individuals in the EU. Coface is reviewing all of its processing activities involving individuals in the EU to determine if the broader territorial scope applies.  If applicable, Coface will take the necessary actions, which may include updating Terms and Conditions of business, to reflect the changes required by the GDPR.
Can I see your data privacy policies?
We are working through all our policies and procedures and making updates where necessary to comply with the GDPR.
You can click on the link below to download Coface Privacy Notice.
Is there a need for 'explicit' or 'unambiguous' consent - and what is the difference?
Explicit consent is required only for processing sensitive personal data - in this context, nothing short of “opt in” will suffice. However, for non-sensitive data, “unambiguous” consent will suffice. Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language.


Coface Privacy Notice (March 2022)


European Commission:
EU General Data Protection Regulation (full text):


if you have additional queries on GDPR implementation, you can:
  • reach out to your Coface Client Relationship Manager; or
  • contact Coface Data Privacy Office by email at: coface_dpo@coface.com ; or
  • write to Data Protection Office, 1 Place Costes et Bellonte - 92270 Bois-Colombes - FRANCE