Terence has over 35 years' experience in the Financial Services environment, covering general insurance, investments and mortgages.
The new EU data protection rules come into force on 25 May 2018, replacing the Data Protection Act (DPA) 1998. The General Data Protection Regulation (GDPR) aims to harmonise legislation across all EU member states by ensuring that organisations properly file and organise their client records, control such data, and act in accordance with the consent granted by the client. The implementation of the GDPR is unaffected by the UK’s decision to leave the European Union.
RWA has prepared a briefing document, which summarises what we know so far and outlines its applicability to the insurance sector.
In the UK, the Information Commissioner’s Office (ICO) will be responsible for supervising and enforcing the new data protection laws and will have powers to carry out audits, which could result in orders for firms to cease their operations. If breaches are found to have occurred, they will notify the individuals of the breach; rectify, restate or even delete data; prohibit or suspend data processing; and stop a firm sharing information with other parties.
Whereas the ICO can currently issue a fine of up to £500,000 for major breaches of the DPA 1998, the new GDPR allows for much stricter penalties:
So, it is easy to see that this is an extremely important area for insurance brokers (and indeed any firm which handles data) to consider over the next year or so in order that appropriate systems are in place, and staff receive training about the requirements of the legislation.
There are a large number of firms selling training or consultancy services at the moment. Our advice would be to proceed with caution, as we have seen wildly differing interpretations of GDPR requirements from different providers.
The GDPR is a complex piece of new EU legislation and much is a matter of interpretation. As time goes by, we may see some additional clarity or guidance from the Information Commissioner’s Office.
We would also recommend that guidance is sought from the ICO if in any doubt.
To download a copy of the RWA GDPR briefing document, click here.
If you have any further questions, please contact a member of the RWA team.