0370 270 6000

The General Data Protection Regulation and insurance

1 August 2017

The General Data Protection Regulation (GDPR) will be implemented in the UK, and the rest of the European Union, on 25 May 2018. The GDPR, or something very similar to it, is highly likely to be in force after the UK leaves the EU.

The GDPR revolutionises data protection and has a potentially huge impact on insurers. Organisations breaching the GDPR will face penalties of up to €20 million or 4% of global turnover, whichever is highest. As time is ticking by, businesses now need to understand how the new law will affect them and put in place measures to comply.

Browne Jacobson has bought together its data protection experts with its insurance team. Together, they understand how the GDPR will impact the insurance sector and how to comply in a cost-effective way.

Key issues under the GDPR affecting the insurance sector:

  • accountability for the collection use and retention of data of employees, customers, policy holders and third parties
  • collection of health, genetics, crime data and demographic information
  • managing more onerous obligations, higher penalties and enhanced individual rights
  • data analytics and Big Data
  • use of telematics
  • profiling favourable customer identification
  • connected devices
  • fraud detection reporting and credit reporting multi-channel marketing
  • use of legacy databases
  • innovation, Internet of Things, Artificial Intelligence personalisation and customer experience
  • information security and cyber resilience
  • data sharing and off-shoring
  • data profitability
  • managing and reporting data breaches
  • data protection officers
  • cyber insurance policies.

Steps to prepare for May 2018:

  • raise awareness of the impacts of GDPR
  • secure an appropriate budget
  • map key data flows
  • undertake a compliance assessment and gap analysis
  • determine the lead supervisory authority
  • review and draft relevant notices, policies and procedures
  • review data breach reporting processes
  • undertake a review of key third party arrangements and agreements
  • employ or engage a data protection officer
  • educate and train.

How Browne Jacobson can help your business to comply

We have a highly experienced team of data protection and cyber security lawyers who are able to provide pragmatic legal advice on compliance with GDPR. Our team has worked with many organisations in the sector.

Our people

Focus on...

Legal updates

Legal and regulatory monthly update - September 2019

The latest update covering delegated authority, insurance product development, the senior insurance managers regime, data protection, operational control frameworks, Lloyds market, and horizon scanning.


Published articles

Privilege prevails

The Court of Appeal recently allowed an important appeal relating to the disclosure of documents created in the build up to the eventual proceedings brought by the Serious Fraud Office (SFO).


Legal updates

E-technology: work smarter, not harder

Despite the Jackson reforms attempting to persuade parties to move away from standard disclosure and utilise the menu of options available, reducing the consequential costs of disclosure, there has still been a reluctance to depart from that procedure and make use of the alternative disclosure options available.


Legal updates

Enforcement notice issued against council by the ICO due to subject access request backlog

An enforcement notice has been issued by the Information Commissioner’s Office (the ICO) under the Data Protection Act 1998 which requires the London Borough of Lewisham to clear a backlog of subject access requests by 15 October 2018.


The content on this page is provided for the purposes of general interest and information. It contains only brief summaries of aspects of the subject matter and does not provide comprehensive statements of the law. It does not constitute legal advice and does not provide a substitute for it.

Mailing list sign up

Select which mailings you would like to receive from us.

Sign up