The European General Data Protection Regulation. A guide for the insurance industry
Data protection will need to be on the boardroom agenda.
This is a milestone moment in the world of data protection law. On 15 December 2015, after 3 years of detailed discussions, political agreement was reached between the European Commission, EU Parliament and the Council of the EU on the compromise text of the General Data Protection Regulation. The GDPR will replace the Data Protection Directive 95/46/EC and therefore the Data Protection Act 1998 in the UK. The GDPR will be formally adopted by the EU Parliament and the Council of the EU in the coming weeks when it is published in the Official Journal of the European Union. Twenty days later, the GDPR will be in force. It will not take effect for a further two years. We anticipate that the GDPR will take effect some time during the first half of 2018.
It is, however, early days. We await further guidance and local legislation where derogations to the GDPR are permitted. We will keep you updated as the landscape evolves.
This guide has been written to provide the insurance industry with an overview of the impact we expect the GDPR to have. We have looked at each of the main provisions and compared them against current law and best practice guidance from the Information Commissioner’s Office. We have then considered the impact that these key changes might have on the insurance industry and advised on the practical steps that can be taken now in order to start the process of ensuring GDPR compliance before the two-year implementation period comes to an end.