The General Data Protection Regulation (GDPR) will be implemented in the UK, and the rest of the European
Union, on 25 May 2018. The GDPR, or something very similar to it, is highly likely to be in force after the UK
leaves the EU.
Download our quick guide to hear how the GDPR will affect the insurance sector and what you should be doing now to prepare for May 2018.
Visit our hub to access information and resources tailored to brokers: www.brownejacobson.com/brokers
Relationship Between International Law and Municipal Law MIR.pdf
The General Data Protection Regulation and insurance
1. The General Data Protection Regulation and insurance
The General Data Protection Regulation (GDPR) will be implemented in the UK, and the rest of the European
Union, on 25 May 2018. The GDPR, or something very similar to it, is highly likely to be in force after the UK
leaves the EU.
The GDPR revolutionises data protection and has a potentially huge impact on insurers. Organisations breaching the
GDPR will face penalties of up to €20 million or 4% of global turnover, whichever is highest. As time is ticking by,
businesses now need to understand how the new law will affect them and put in place measures to comply.
Browne Jacobson has bought together its data protection experts with its insurance team. Together, they
understand how the GDPR will impact the insurance sector and how to comply in a cost-effective way.
Birmingham | Exeter | London | Manchester | Nottingham
0370 270 6000
www.brownejacobson.com
Browne Jacobson client
They have excellent visibility
in the market, with useful
contacts and vast experience of
working within our sector. They
have also responded quickly to
every request we have made.
“
”
Key issues under the GDPR affecting the insurance sector:
• accountability for the collection use and retention
of data of employees, customers, policy holders and
third parties
• collection of health, genetics, crime data and
demographic information
• managing more onerous obligations, higher penalties
and enhanced individual rights
• data analytics and Big Data
• use of telematics
• profiling favourable customer identification
• connected devices
• fraud detection reporting and credit reporting
multi-channel marketing
• use of legacy databases
• innovation, Internet of Things, Artificial Intelligence
personalisation and customer experience
• information security and cyber resilience
• data sharing and off-shoring
• data profitability
• managing and reporting data breaches
• data protection officers
• cyber insurance policies.
Steps to prepare for May 2018:
• raise awareness of the impacts of GDPR
• secure an appropriate budget
• map key data flows
• undertake a compliance assessment and gap analysis
• determine the lead supervisory authority
• review and draft relevant notices, policies and procedures
• review data breach reporting processes
• undertake a review of key third party arrangements and
agreements
• employ or engage a data protection officer
• educate and train.