Skip navigation


Implementing the New General Data Protection Regulation

24 May 2018

The introduction of the General Data Protection Regulation ('GDPR') changes data protection law in Europe. We understand you may have questions about Cigna’s role from a data protection perspective, and about the obligations that the GDPR imposes on Cigna. 

Cigna has analysed the impact of the GDPR on its operations and has put all necessary compliance measures in place. We remain committed to collaborating in an effective way with our customers and partners to ensure the privacy and protection of their sensitive data.

Regulation scope

In line with our obligations under the GDPR, we will:

  • Process personal data fairly, transparently and on lawful grounds.
  • Process personal data only for the purposes for which it was collected, and not process it in a manner which is incompatible with those purposes.
  • Take steps to ensure that personal data is adequate, relevant and limited to what is necessary for the purposes for which it is processed and accurate and updated when necessary.
  • Implement appropriate technical and organisational measures to protect the personal data we process.
  • Practice data protection by design and default and conduct privacy impact assessments where required. 
  • Ensure that personal data is adequately protected when it is transferred to destinations outside the European Economic Area.
  • Retain personal data only for as long as is necessary for the purposes for which we process it.
  • Honour individuals' rights in relation to their personal data.
  • Ensure that we can demonstrate 'accountability'.


You can read our full GDPR statement here.

If you have any questions about our personal data handling practices, please contact