The General Data Protection Regulation (or GDPR) is due to arrive on 25th May 2018 and represents an advancement of the existing principles within the current Data Protection Act (DPA). It is designed to protect the privacy of individuals who make their personal data available to organisations established in the EU. The GDPR will harmonise European privacy laws and govern the way organisations collect and store customer data.
What is the GDPR?
The GDPR presents a clearly defined set of requirements for organisations who process personal data and improves the rights of individuals to have a say over how their data is used. The GDPR is designed to ensure that data legislation across the EU reflects the numerous ways that data is now used. The GDPR aims to impose stronger data security restrictions upon companies that handle personal data, and to give individuals greater transparency over where and how their personal data is used.
Compliance with the GDPR not only applies to organisations located within the EU but also to those organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. In addition to this, it also applies to all companies processing and holding the personal data of individuals residing in the EU, regardless of that company’s geographic location.
What types of data does this apply to?
The GDPR applies to information that can be used to identify an individual, either directly or indirectly. This includes both:
- ‘personal data’, including name, identification number, location data or online identifier, and
- ‘special categories of personal data’ (previously referred to as ‘sensitive personal data’), which now includes genetic data, and biometric data where processed to uniquely identify an individual. There will be enhanced protections over ‘special category personal data’, such as data relating to an individual’s health.
What are the GDPR principles companies need to abide by?
The main responsibilities for organisations are stated in Article 5 of the GDPR which outlines the core data protection principles. Personal data should be:
- “processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
There could be negative repercussions for organisations and individuals that breach the GDPR. These include fines of up to €20 million or 4% of the organisation’s group annual turnover (whichever is larger). Significant reputational damage and personal liability could also arise.
Allocation of the fines is based on the specific articles of the Regulation that the organisation has breached. Infringements of the organisation’s obligations, including data security breaches, will be subject to lower level fines, whereas infringements of an individual’s privacy rights will be subject to the higher level. In addition to fines imposed by the regulator, individuals will be able to bring personal claims against an organisation for material and non-material damages.
What are the next steps?
With the impending deadline fast approaching, all businesses that collect or process the personal information of individuals in the EU will need to comply with the regulation. It is essential to plan a structured approach to the incoming regulation changes and to engage senior leadership teams within the business so that changes are implemented at the appropriate level.
Conduct a thorough review of the existing data collection, processing and storage methods. Update existing data retention and protection policies to ensure that procedures are in place that reflect the requirements of the GDPR. Organisations must show that they have a lawful purpose for processing personal data or have the direct consent of the individual concerned.
Oxford Insurance Brokers has already implemented a comprehensive GDPR compliance plan, to ensure that the organisation’s agreements, policies and processes are aligned to the GDPR.
You can visit the ICO website for more information on GDPR: https://ico.org.uk/for-organisations/guide-to-the-generaldata-protection-regulation-gdpr/
Trireme Insurance Group (Trireme), the parent organisation of James Hampden International (“JHI”) and Oxford Insurance Brokers (“Oxford”), has adopted a group-wide Document Management System (“DMS”) hosted and provided by TIW Group (TIW). JHI and Oxford now share a common DMS that makes it easy to save and retrieve documents in a secure, business-designed folder structure.
Trireme is committed to constantly improving customer service, and investing in technology is a key part of that commitment. Trireme continues to work with TIW to further expand the system’s capabilities and, through automation, simplify everyday activities such as adding clients, processing claims and submitting A&S/ECF transactions to Xchanging/the IMR. Putting clients at the heart of their processes, the DMS helps with the secure and efficient management of all documents for policies, claims and correspondence.
Edward Halloran, IT Director at Trireme, commented “We have invested a significant amount of resource to modernise our core systems and we have a clear vision for the future. The DMS is a key part of the strategy which involved some degree of cultural change. TIW’s deep insurance understanding helped us cut to the essentials of what we needed. I am pleased with the way TIW collaborated with Trireme to accelerate implementation. This enabled us to deliver what was needed to the business on time.”
David Edwards, CEO of TIW, commented “At TIW we pride ourselves on applying our broad and deep insurance expertise to digitally transform businesses in the Lloyd’s and London Insurance Market. We are delighted to have delivered this key infrastructure project for Trireme.”
Oxford Insurance Brokers is extremely proud to be involved with a Nepalese not-for-profit, non-governmental organisation, The Chamely Foundation Nepal, supporting the foundation’s efforts in providing shelter for the poor and assisting with the rebuilding of village schools outside of Kathmandu following the devastation caused by the earthquake in April 2015.
Kevin Godwin, Oxford’s Technical Director, travelled to Nepal, as a volunteer, to help rebuild Jagriti Primary School, which had been destroyed by the earthquake. The earthquake, with a magnitude of 7.8 on the Richter scale, killed nearly 9,000 people and destroyed many communities, still leaving countless people living under canvas or in temporary corrugated iron homes.
Oxford Insurance Brokers contributed towards the cost of materials for the construction of a school in a small village outside of Kathmandu, which will ultimately provide four classrooms for young children who have not been able to attend school for the last 18 months. Kevin worked tirelessly for 10 days, alongside a Nepalese builder and two labourers on this particular project. This process was manually intensive and involved the preparing and laying of materials, and the digging of large trenches for a sufficient drainage system.
Kevin comments “Having previously travelled around Nepal, the country and its people have become very close to my heart and I was actually 30 minutes from landing in Kathmandu when the earthquake happened. I spent a period of time in 2015 doing disaster relief work in Nepal where I met Madhav Timalsina, the Chairperson of the Chamely Foundation. The Chamely Foundation’s main focus was education for children in remoter areas of the country; since the earthquake their focus was extended to providing shelter for the poorer families whose houses were destroyed and the rebuilding of village schools. I have met many Nepalese people whose lives were drastically affected by the earthquake and their resilience to what was a very hard life in the first place with the added hardship of losing homes and loved ones is incredible. I would like to thank Oxford for the support they have given to me in allowing me to return to do more disaster relief work and their support for the Chamely Foundation.”
If you would like to contribute to this cause yourself, please go to https://www.generosity.com/education-fundraising/rebuilding-schools-supplies-homes-for-helpless
Oxford Insurance Brokers are delighted to announce that Edward Halloran has joined the company as IT Director. Edward has over 15 years’ experience in this market and joined in 2015.
“After hearing that Oxford Insurance Brokers are heavily invested in using technology to modernise and streamline their business processes, I’m delighted to become a part of the team.
In 2014, the Boston Consulting Group created the most comprehensive report ever on the London Market, ‘London Matters – The competitive position of the London insurance market’. The report made it clear that the London Market’s position as the undisputed global centre of excellence for commercial insurance and reinsurance is under threat.
Some of the main questions posed from this report include improving the ‘ease of doing business’ and decreasing expense ratios. Over the next 5 years, IT teams across the market will need to deliver systems that not only answer these questions, but future-proof the infrastructure so we continue to be in a position of strength.
I’m confident that Oxford has the people and resources to be at the forefront of this change. I look forward to the challenges that lie ahead.”
We are pleased to announce that we have recently engaged Chris Jenkin as a consultant to Oxford for the purposes of business development in the Asia region and with a particular focus on Accident & Health / Life reinsurances but also for other niche opportunities as they develop.
Chris has over 35 years’ business experience in both Asia and London, having worked in various broking capacities with well-known names operating in the region including the Swire Group, Miller Insurance Services and HSBC Re Asia. As well as being responsible for regional business production in the large triangle of countries that run from India across to Japan and down to Indonesia, he has also had responsibility for managing and recruiting teams and opening offices in Hong Kong, Singapore, Taiwan and Malaysia. Chris brings to us a huge network of contacts and relationships with various insurers, reinsurers and brokers throughout the region and we look forward to working with him to develop Oxford's footprint into Asia.
Chris has commented to us that he is delighted to see a new dynamic broker entering the Asia arena. He is keen to assist in this development at such an exciting time of real economic regional growth which will see ever growing and substantial opportunities and demands for our insurance expertise.