General Insurance Article - GDPR and Beyond


The Data Protection Bill will repeal the UK Data Protection Act 1998 and bring EU law, including the General Data Protection Regulation (GDPR), into UK law “in a way that as far as possible preserves the concepts of the Data Protection Act … while complying with the GDPR and Data Protection Law Enforcement Directive (DPLED) in full,” according to the document.

 By Peter Johnson, Senior Vice President, Marsh Risk Consulting

 Last week, the UK Government published its Statement of Intent regarding the new UK Data Protection Bill, which it says will bring the country’s data protection laws up to date and help to prepare it for the future, following its exit from the European Union (EU).

 The Statement of Intent also indicates some of the derogations in the GDPR that the UK will exercise, including:

 Processing of criminal data: The GDPR only permits bodies vested with official authority to process personal data on criminal convictions and offences. The Bill aims to preserve continuity with the existing position and extend the right to enable organisations other than those vested with official authority to process data relating to criminal convictions and offences.

 Automated decision-making: The Government will ensure there are grounds for processing personal data by automated means where there are legitimate grounds for doing so and suitable safeguards in place.

 Age of consent: The Government will set the minimum age at which a child can consent to data processing to 13.

 Exemptions for research: Significant exemptions will be introduced to allow universities, research establishments, and museums to continue to operate in a way that protects information but does not inhibit future innovation and discovery.

 In news that will be particularly welcomed by UK and international businesses, the Statement of Intent states that the UK Government is “committed to ensuring the uninterrupted data flows” between the UK, the EU, and other countries around the world.

 Recommendations

 With greater certainty on the long-term impact of the GDPR on the UK after it leaves the EU, it is important that organisations continue their preparations for the GDPR, which will become applicable from 25 May 2018. The ICO has provided guidance to help organisations with their preparations. In particular, your business should:

 Ensure all key people in your company understand the GDPR.

 Know what personal data your company holds and the lawful basis on which you rely when using and storing it: Keep in mind the more stringent consent requirements.

 Check your privacy notices, policies, procedures, and other documentation are compliant with the new requirements.

 Have plans in place to detect, report, and investigate data breaches.

 Check whether you are required to appoint a data protection officer.

 The new requirements may oblige your company to make operational and IT changes, which take time and require investment. Proactive organisations can use this as an opportunity to improve their data management strategies in a way that enhances their data capabilities and could help them grow their businesses.
