With just over a year to go before the new General Data Protection Regulations (GDPR) bring significant changes, Steve Sands, chief information security officer (CISO) and data protection officer (DPO) at Synectics Solutions shares five things all data controllers and processors needs to know.

1. GDPR will become fully enforceable from 25^th May 2018
2. There will be just six key principles, which focus on data access and its use being lawful, fair and transparent and only for explicit and legitimate purposes.
3. New accountability requirements bring sanctions and breach penalties that will make businesses sit up and take notice – including fines of up to 4% of turnover.
4. There is likely to be a shortage of expert data protection officers as all businesses with more than 250 employees or those who process data for more than 5,000 subjects will be affected by GDPR.
5. GDPR enshrines the right of portability of data between companies.

So, what is changing?

According to a report published by PwC in May 2016, below are the main points that the GDPR regulation will change.

• Data breach deadlines: Insurers will have just 72 hours to disclose a personal data breach to the regulators, and in some cases to the affected individuals.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

View profiles in store

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Submit

UK USA Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Bonaire, Sint Eustatius and Saba Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Darussalam Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos Islands Colombia Comoros Congo Democratic Republic of the Congo Cook Islands Costa Rica Côte d"Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Lao Latvia Lebanon Lesotho Liberia Libyan Arab Jamahiriya Liechtenstein Lithuania Luxembourg Macao Macedonia, The Former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territory Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Pierre and Miquelon Saint Vincent and The Grenadines Samoa San Marino Sao Tome and Principe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia and The South Sandwich Islands Spain Sri Lanka Sudan Suriname Svalbard and Jan Mayen Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates US Minor Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands US Virgin Islands Wallis and Futuna Western Sahara Yemen Zambia Zimbabwe Kosovo

Industry * Academia & Education Aerospace, Defense & Security Agriculture Asset Management Automotive Banking & Payments Chemicals Construction Consumer Foodservice Government, trade bodies and NGOs Health & Fitness Hospitals & Healthcare HR, Staffing & Recruitment Insurance Investment Banking Legal Services Management Consulting Marketing & Advertising Media & Publishing Medical Devices Mining Oil & Gas Packaging Pharmaceuticals Power & Utilities Private Equity Real Estate Retail Sport Technology Telecom Transportation & Logistics Travel, Tourism & Hospitality Venture Capital

Tick here to opt out of curated industry news, reports, and event updates from Life Insurance International.

Submit and download

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

• Better quality consents required: Insurers will have to meet tougher quality requirements for legal consent, if they want to rely on consent to process personal data. Customers must give that consent freely and on the basis they have been fully informed about the nature of each type of usage. The insurer will have to be able to prove that they have obtained consent of the right quality.

• Privacy by design: Insurers will be required to minimise the collection and use of personal data – and will be expected to do this automatically as they design new products and services.

• New fines and penalties:  Regulators will have the power to fine insurers up to €20m or 4% of worldwide annual turnover (whichever is higher) for the most serious breaches of data protection laws.

• Processing now at risk: Customers will have the right to object to having data on them used for insurance activities such as risk and pricing modelling unless the insurer has compelling and legitimate reasons for doing so. Customers have the right to object to data processing for direct marketing.

• Profiling gets tougher: Insurers won’t usually be allowed to make decisions about customers purely on the basis of automated processing, including profiling, unless they have established a legal right to do so, which will generally be contract-based.

• New right to be forgotten: Customers will be entitled to ask insurers to delete their personal data where it is no longer required for its original purpose, or where they have withdrawn their consent.

• Portability guaranteed: Customers will be entitled to request that their personal data is transferred from one insurer to another as they switch companies. Insurers will be obliged to facilitate this.

• International data transfers: While EU data transfer rules are not fundamentally altered, there will be enhanced regulation of the mechanisms put in place to ensure that personal data is properly protected when abroad.

• Data protection officers: Some commentators are interpreting the GDPR as requiring the compulsory employment of Data Protection Officers (DPOs) in the insurance sector. PwC considers that DPOs are required as a matter of good governance in all cases.

Sign up for our daily news round-up!

Give your business an edge with our leading industry insights.

Sign up