Data protection at RGI:
our approach
our approach
Protecting personal data is a core component of trust in digital insurance and technology-driven ecosystems.
RGI has adopted a structured Data Protection Governance model, designed to clearly define roles, responsibilities, and controls within the organization. This model ensures a consistent and effective approach to personal data protection across all Group companies and activities.
To guarantee uniform standards of data protection in compliance with the GDPR and applicable national regulations, RGI has implemented a set of Group Privacy Policies, addressing key data protection principles throughout the entire data lifecycle.
A unified Privacy Governance model
RGI’s approach to privacy is based on a single, integrated Governance framework.
This model ensures that data protection is:
- Embedded into business processes
- Managed consistently across countries and functions
- Aligned with legal, organizational, and technological requirements
Privacy is not treated as a standalone obligation, but as a shared responsibility that supports transparency, accountability, and long-term trust with clients, partners, and stakeholders.
Data Protection Officer (DPO)
RP Legal & Tax in the person of the lawyer Luca Egitto: dpo@rgigroup.com
Group Privacy Policies
RGI has adopted five Group Privacy Policies, each addressing specific aspects of personal data protection and supporting dedicated processes within the overall Governance framework.
Each policy contributes to ensuring compliance, consistency, and risk mitigation across the Group.
This Group Policy defines maximum retention periods for personal data, in compliance with applicable laws and regulations, also taking into account RGI’s role as data processor for its clients.
It establishes clear rules for the secure deletion, destruction, and anonymization of personal data once their retention is no longer necessary for the purposes for which they were processed, in line with the storage limitation principle set out in Article 5 of the GDPR.
The Group Policy on Privacy by Design and Default provides guidance to all the relevant stakeholders on the implementation of the privacy and the security measures necessary in all data processing activities carried out within the Group throughout the life cycle of personal data.
It relates to the principles set forth in article 25 of the GDPR, which data controllers and data processors must implement both at the time of determining the means of data processing and at the time of the processing itself.
Furthermore, RGI puts in place adequate safeguards whenever a processing activity involves transfers of personal data to non-EU countries. This ensures that risks are identified, evaluated, and adequately mitigated before any transfer takes place.
The Group Policy on the Management of Data Subjects’ Requests provides guidelines for:
- the complete management of data subjects’ requests concerning the exercise of their privacy rights according to the “Data Subjects Rights” section of the GDPR
- the roles and responsibilities of the actors involved in the procedure
- the regulatory requirements and the limits to the exercise of the rights provided for by the GDPR
- the specific methods for taking actions in case of exercise of Data Subjects Rights
The Group Policy on the Processing of Personal Data of Authorised Persons regulates the procedure to manage the roles, obligations and instructions that the authorised persons at RGI Group must know and comply with.
The Group Policy on Data Breach Management regulates the procedure for the management of data breaches and identifies the steps to be followed, the roles and teams to be involved, the activities to be performed and the documents to be drafted during the various steps.
At RGI, data protection goes beyond compliance.
It’s a core design principle, embedded into a sustainable and coherent governance model that shapes how we build and run our software.
Our solutions reflect the same privacy-first and accountability-driven approach we apply internally every day.