In the second issue of our member magazine, The Insider, Elaine Morrissey (Associate Solicitor at McDowell Purcell) looks at how EU General Data Protection Regulation (GDPR) will impact the insurance industry when it comes into force in May 2018.
The General Data Protection Regulation (GDPR) replaces the European Directive on data protection, which was transposed into Irish law by the Data Protection Acts 1988-2003.
This Directive, due to the changing nature of business and technology, was no longer fit for purpose. After years of negotiations the GDPR was agreed on and is enforceable from 25 May 2018. This lead in time is necessary due to the complexity of the legislation and the challenges that organisations will face in being compliant.
The aim of the GDPR is to have a harmonised rule book for all data subjects and organisations, with a key focus on strengthening the rights of data subjects in relation to their personal data. The GDPR applies across all business types and to both public and private sectors.
As a Regulation it is directly applicable – that is, it does not need local legislation for it to be enforceable. However local legislation, the Data Protection Bill, due to be published in the autumn, aims to assist with the implementation of the GDPR and fill in the gaps that exist for Ireland. Both pieces of legislation will have to be considered when seeking to ensure compliance.
How will the GDPR impact the insurance industry?
The GDPR has an immediate and direct impact on the insurance industry. The reforms include:
- Administration Fines
- Right to Compensation
- New Processing and Consent Rules
- Data Processor Obligations
- Data Controller/Data Processor Contracts
- New Rules for Data Access Requests
- The Right to be Forgotten
- Data Protection Officers
- Codes of Conduct
- Data Breach Notification Obligations
- Data Transfers
- Privacy Impact Assessments
- Liability for breaches of the GDPR (administration fines and compensation)
- Data access requests
- Right to be forgotten
- Codes of conduct
- Processing of personal data relating to criminal convictions and offences
Log in to access the rest of this article in our magazine, The Insider.