The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It will be manifested in UK law by the Data Protection Act 2018. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. We felt that providing some basic GDPR guidance to help our clients in the right direction was important.
What does it mean for your business? It means a lot, and no matter how small you are, you have to comply with new regulations regarding the secure collection, storage and usage of personal information. Consideration will need to be given to the type of data your business has, how data is processed, how it is stored, how it is used and accessed, and for how long it is kept. This will vary for each business and there is not a specific answer or template on compliance that can be applied.
The Information Commissioner's Office (ICO) is the governing body for data regulations in the UK. It has produced some helpful guidance for businesses who need extra support with understanding and implementing any changes within their business. Their guidance can be found here.
The main body of work with GDPR compliance is the creation of a privacy notice which sets out to all stakeholders how you will comply with GDPR and how you handle and process personal data. It is this document and the supporting procedures which will help you and your business create a culture of compliance.
When thinking about personal data from an insurance point of view, there are many areas of GDPR which can affect your insurance programme, the claims you have and can also generate claims within your business.
Claims – It's worth considering the length of time you hold personal data for in line with the ability of clients or employees to bring claims against your business. The time limit for negligence claims is usually 3 years for personal injury claims and usually 6 years for non-personal-injury claims following an incident. It is also worth considering that if the claimant was a minor, they may have that time from their 18th birthday. This demonstrates that your customers' demographic profile may mean that you decide to hold data for a different length of time. For employee claims, it is possible for them to bring actions against negligent employers for a period following the discovery of illness or disease, and this could have a much longer lead-time. It may be that client data and employee data are treated differently by your business.
Can I insure my data? Yes. Cyber insurance is a cover which protects businesses against the loss of or damage to information networks or the data stored on them. It can also cover third-party liability and sometimes the costs associated with regulatory enquiries; for more information about cyber insurance click here. This is of particular interest to small businesses due to the positive requirement to report all data breaches to the ICO.
Whilst we are not GDPR specialists, we recognise that our clients turn to professional organisations like ourselves for GDPR guidance. The above is designed to help businesses in the right direction, and any information or usage of external links is at the user's discretion. We will update this page with links to any resources we find useful.