The impacts of GDPR: What it means for your business

The General Data Protection Regulation (or GDPR) comes into force on 25th May 2018 and builds on the principles already contained in the current Data Protection Act 1998 (DPA). It is designed to protect the privacy of individuals who make their personal data available to organisations established in the EU. The GDPR will harmonise data protection law across the EU and govern the way organisations collect, use and store customer data.

What is the GDPR?

The GDPR sets out a clearly defined set of requirements for organisations that process personal data and strengthens the rights of individuals over how their data is used. It is designed to ensure that data protection legislation across the EU reflects the many ways in which personal data is now collected and used. The GDPR imposes stronger data security obligations on companies that handle personal data, and gives individuals greater transparency over where and how their personal data is used.

The GDPR applies not only to organisations established in the EU, but also to organisations established outside the EU that offer goods or services to, or monitor the behaviour of, individuals in the EU. Any company that processes or holds the personal data of individuals residing in the EU therefore needs to assess whether it is in scope, regardless of where the company itself is located.

What types of data does this apply to?

The GDPR applies to information that can be used to identify a living individual, either directly or indirectly. This includes both:

‘personal data’, such as a name, identification number, location data or online identifier, and
‘special categories of personal data’ (previously referred to as ‘sensitive personal data’), which continue to cover data such as racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, and sex life or sexual orientation, and which now also include genetic data and biometric data where processed to uniquely identify an individual. There are enhanced protections for ‘special category personal data’, such as data relating to an individual’s health.

What are the GDPR principles companies need to abide by?

The main responsibilities for organisations are stated in Article 5 of the GDPR, which sets out the core data protection principles. Personal data should be:

“processed lawfully, fairly and in a transparent manner in relation to individuals;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

There can be serious repercussions for organisations and individuals that breach the GDPR. These include fines of up to €20 million or 4% of the organisation’s total worldwide annual turnover for the preceding financial year, whichever is higher. Significant reputational damage and personal liability could also arise.

The level of fine depends on which articles of the Regulation the organisation has breached. Infringements of the organisation’s own obligations, including data security breaches, are subject to the lower tier of fines (up to €10 million or 2% of total worldwide annual turnover, whichever is higher), whereas infringements of the core principles or of an individual’s privacy rights are subject to the higher tier (up to €20 million or 4%). In addition to fines imposed by the regulator, individuals will be able to bring claims against an organisation for compensation for material and non-material damage.

What are the next steps?

With the deadline fast approaching, all businesses that collect or process the personal information of individuals in the EU will need to comply with the Regulation. It is essential to take a planned, structured approach to the incoming changes and to engage senior leadership teams within the business so that changes are implemented at the appropriate level.

Conduct a thorough review of existing data collection, processing and storage methods. Update existing data retention and protection policies to ensure that procedures are in place that reflect the requirements of the GDPR. Organisations must be able to demonstrate a lawful basis under Article 6 for each processing activity, of which the consent of the individual concerned is one option.

Oxford Insurance Brokers has already implemented a comprehensive GDPR compliance plan, to ensure that the organisation’s agreements, policies and processes are aligned to the GDPR.

You can visit the ICO website for more information on the GDPR.


New Technology Investment

Trireme Insurance Group (Trireme), the parent organisation of James Hampden International (“JHI”) and Oxford Insurance Brokers (“Oxford”), has adopted a group-wide Document Management System (“DMS”) hosted and provided by TIW Group (TIW). JHI and Oxford now share a common DMS that makes it easy to save and retrieve documents in a secure, business-designed folder structure.

The Chamely Foundation

Oxford Insurance Brokers is extremely proud to be involved with a Nepalese not-for-profit, non-governmental organisation, The Chamely Foundation Nepal, by supporting the foundation’s efforts to provide shelter for the poor and to assist in rebuilding village schools outside Kathmandu following the devastation caused by the earthquake in April 2015.

Introducing Edward Halloran – IT Director

Oxford Insurance Brokers are delighted to announce that Edward Halloran has joined the company as IT Director. Edward has over 15 years’ experience in this market and joined in 2015.

“After hearing that Oxford Insurance Brokers are heavily invested in using technology to modernise and streamline their business processes, I’m delighted to become a part of the team.

In 2014, the Boston Consulting Group created the most comprehensive report ever on the London Market, ‘London Matters – The competitive position of the London insurance market’. The report made it clear that the London Market’s position as the undisputed global centre of excellence for commercial insurance and reinsurance is under threat.

Some of the main questions posed by this report include improving the ‘ease of doing business’ and decreasing expense ratios. Over the next 5 years, IT teams across the market will need to deliver systems that not only answer these questions, but future-proof the infrastructure so we continue to be in a position of strength.

I’m confident that Oxford has the people and resources to be at the forefront of this change. I look forward to the challenges that lie ahead.”
Edward Halloran

Introducing Chris Jenkin

We are pleased to announce that we have recently engaged Chris Jenkin as a consultant to Oxford for the purposes of business development in the Asia region and with a particular focus on Accident & Health / Life reinsurances but also for other niche opportunities as they develop.

Chris has over 35 years’ business experience in both Asia and London, having worked in various broking capacities with well-known names operating in the region, including the Swire Group, Miller Insurance Services and HSBC Re Asia. As well as being responsible for regional business production in the large triangle of countries that runs from India across to Japan and down to Indonesia, he has also had responsibility for managing and recruiting teams and opening offices in Hong Kong, Singapore, Taiwan and Malaysia. Chris brings to us a huge network of contacts and relationships with insurers, reinsurers and brokers throughout the region, and we look forward to working with him to develop Oxford’s footprint in Asia.

Chris has commented to us that he is delighted to see a new dynamic broker entering the Asia arena. He is keen to assist in this development at such an exciting time of real economic regional growth which will see ever growing and substantial opportunities and demands for our insurance expertise.