Skip to main content

General Data Protection Regulation (GDPR)

At Aetna, we take our legal obligations very seriously and we are very proud to be able to say that integrity is at the centre of everything that we do.  We are working hard to ensure that that our customers, partners and members are properly protected, and that we are fully compliant with the new General Data Protection Regulation (GDPR). 

GDPR is the new EU legislation, which applies to organisations that handle the personal data of EU residents or offer goods or services within the EU.  It will apply across EU member states including the UK from 25 May 2018, and will replace the UK’s Data Protection Act 1998.

We will be implementing a number of measures to ensure an appropriate level of security for the data we process.  You can read more about our approach to GDPR here.  We have also put together some Frequently Asked Questions, to help you understand the new legislation and what it means for you.

All main business areas have participated in a process review of the way we handle member and employee data and we will be implementing some changes to the way we collect, store, access, share and delete data.

GDPR does have explicit provisions for the contractual terms that organisations enter into with third parties that process personal data on their behalf.  As a result, we will be engaging with our suppliers in due course to address any necessary contractual changes to reflect the provisions of GDPR.

We would recommend you read the Information Commissioner’s Office (ICO) guidance on GDPR here.  If you have any questions about how the GDPR affects the way we work with you, please contact contact our dedicated Data Privacy team.

We use cookies to give you the best possible online experience. See our cookie policy for more information on how we use cookies and how you can manage them. If you continue to use this website, you are consenting to our policy and for your web browser to receive cookies from our website.