The General Data Protection Regulation and insurance

The General Data Protection Regulation (GDPR) will be implemented in the UK, and the rest of the European Union, on 25 May 2018. The GDPR, or something very similar to it, is highly likely to be in force after the UK leaves the EU.

The GDPR revolutionises data protection and has a potentially huge impact on insurers. Organisations breaching the GDPR will face penalties of up to €20 million or 4% of global turnover, whichever is highest. As time is ticking by, businesses now need to understand how the new law will affect them and put in place measures to comply.

Browne Jacobson has bought together its data protection experts with its insurance team. Together, they understand how the GDPR will impact the insurance sector and how to comply in a cost-effective way.

Key issues under the GDPR affecting the insurance sector:

• accountability for the collection use and retention of data of employees, customers, policy holders and third parties
• collection of health, genetics, crime data and demographic information
• managing more onerous obligations, higher penalties and enhanced individual rights
• data analytics and Big Data
• use of telematics
• profiling favourable customer identification
• connected devices
• fraud detection reporting and credit reporting multi-channel marketing
• use of legacy databases
• innovation, Internet of Things, Artificial Intelligence personalisation and customer experience
• information security and cyber resilience
• data sharing and off-shoring
• data profitability
• managing and reporting data breaches
• data protection officers
• cyber insurance policies.

Steps to prepare for May 2018:

• raise awareness of the impacts of GDPR
• secure an appropriate budget
• map key data flows
• undertake a compliance assessment and gap analysis
• determine the lead supervisory authority
• review and draft relevant notices, policies and procedures
• review data breach reporting processes
• undertake a review of key third party arrangements and agreements
• employ or engage a data protection officer
• educate and train.

How Browne Jacobson can help your business to comply

We have a highly experienced team of data protection and cyber security lawyers who are able to provide pragmatic legal advice on compliance with GDPR. Our team has worked with many organisations in the sector.

The content on this page is provided for the purposes of general interest and information. It contains only brief summaries of aspects of the subject matter and does not provide comprehensive statements of the law. It does not constitute legal advice and does not provide a substitute for it.