Get ready: GDPR a “starting point”

Rules on personal data processing could get “even more modern” says expert

Get ready: GDPR a “starting point”

Insurance News

By Lucy Hook

We know now that Brexit won’t excuse the industry from compliance with General Data Protection Regulation (GDPR), which will place much stricter rules on insurance companies in the way that they process information.

But the GDPR, which comes into force in May next year, could be just the start of a wider shift, according to one expert.

“Any businesses processing personal data need to keep working on meeting the GDPR standards as a starting point and bearing in mind that likely, the current processing of personal data based on UK exemptions will remain on a similar basis – although perhaps even more modern,” Rocio De La Cruz, principal associate at global law firm Gowling WLG, told Insurance Business.

The culture around privacy, cyber security, and personal data is changing as a whole and organisations should view the issue “as an evolving, mind refreshing project, rather than a compliance burden,” De La Cruz warned.

“Personally, the way I see it is like when a person debates between doing a ‘quick-diet-where-they-will-lose-five-pounds-in-two-days-but-put-on-ten-right-afterwards’, or changing their eating habits. Indeed, we all know what brings more benefits in a long-term period. And it is worth it,” she explained.

This month, the government published an overview of the Data Protection Bill, which will overhaul the UK’s data laws. While the GDPR will still apply irrespective of Brexit, the Bill will introduce a regime that covers not only the general provisions stated in the GDPR, but also outlines the importance of cyber security, and introduces additional exemptions along with law enforcement and national security data provisions, De La Cruz explained.

“The overview document of the Data Protection Bill reaffirms that the Government’s position is to maintain the GDPR standards,” she said. “This will help the UK be recognised by the European Commission as providing an adequate level of protection, in order to facilitate the international transfers of personal data without the need for putting in place alternative mechanisms like model clauses.”


Related stories:
Brexit won’t excuse the industry from GDPR compliance
Allianz Worldwide Partners UK appoints legal & compliance head

Keep up with the latest news and events

Join our mailing list, it’s free!