GDPR in a nutshell
Has GDPR got you feeling confused? Our Compliance Manager, Mark Wallis, has wrapped up the key points into a neat guide - check it out below
What does GDPR stand for?
As you probably know, GDPR stands for the General Data Protection Regulation. It replaces the Data Protection Act 1998 in order to strengthen and unify data protection for everyone within the European Union (EU), and will be relevant to the UK regardless of Brexit.
It’s designed to give us all greater control over our personal data, and aims to ensure that every business is open and transparent about the personal information they collect and how it’s used.
When will it come into force?
Businesses must be compliant by 25 May 2018 otherwise they risk a significant fine or censure. Fines can be up to 20m EUR or 4% of their turnover.
How will it impact on you?
We'll be updating our intermediary terms of business to include all key requirements of GDPR. These will be available on our website by the end of April.
Within this we’ll outline certain requirements, for example the need to clearly articulate why you’re collecting certain information, how this data is to be used, and where and why it’s shared.
Will the way we gather customer data change?
Does GDPR improve existing customer rights?
Yes. When it comes to personal data, GDPR enhances the existing rights of the customer. It also places a greater onus on businesses to fulfil certain requests. For example, if a customer makes Data Subjects Access Requests (DSARs), the timeline for responding will now be 30 days.
Are there any additional customer rights?
Yes. These include the Right to Erasure (this means their data can be completely removed in certain circumstances) and the Right to Portability (this means they can obtain and reuse their data between organisations).
What is a personal data breach?
GDPR defines “personal data” as “any information relating to an identified or identifiable natural person (“data subject”).”
A “personal data breach” is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
Under GDPR the regulator must be notified within 72 hours of a breach being identified.
Will it impact your personal data?
Yes. As a broker you’ll also have individual rights – so where we hold information about you, you can exercise your rights, for example the right to be forgotten, in certain circumstances.