With the costs of non-compliance likely to be high, marine insurer North P&I Club has provided guidance on how to be ready for the European Union’s General Data Protection Regulation (GDPR).
In a seminar and panel discussion it hosted at the Yacht Club of Greece in Piraeus, North P&I Club explained its approach to compliance, sharing the steps it has taken as well as the resources it has committed to meet its GDPR obligations.
“The GDPR is an extensive piece of legislation and we believe GDPR preparedness should be regarded as a project, rather than a discrete piece of work,” noted Adrian Durkin, director of claims at North P&I Club. “A designated person, people, or function should have oversight of and accountability for GDPR readiness.
“However, engagement with all business units is essential, as it is likely that almost all business functions will have some access to personal data and undertake some processing of it.”
Durkin said a key first step is an audit determining what personal data is held within each business area, where data is received from, and where it is sent to. “In other words, which third parties or organisations,” he explained. “That facilitates an assessment of how the use of that data is considered to be lawful under the GDPR.
“The outcome of the audit enables organisations to consider how they will meet the key GDPR requirement of informing individuals about how their data is being used to achieve the transparency envisaged by the GDPR. This will also enable individuals to make an informed choice about whether they are happy with how information about them is being used by organisations.”
Also part of the event were representatives from legal and professional services firms Hill Dickinson, Mazars, and PPT Legal. Topics discussed included the enforceability of the GDPR, the legislation’s challenges and opportunities, and the risks of non-compliance.