In the second issue of our member magazine, The Insider, Elaine Morrissey (Associate Solicitor at McDowell Purcell) looks at how EU General Data Protection Regulation (GDPR) will impact the insurance industry when it comes into force in May 2018.
The General Data Protection Regulation (GDPR) replaces the European Directive on data protection, which was transposed into Irish law by the Data Protection Acts 1988-2003.
This Directive, due to the changing nature of business and technology, was no longer fit for purpose. After years of negotiations the GDPR was agreed on and is enforceable from 25 May 2018. This lead in time is necessary due to the complexity of the legislation and the challenges that organisations will face in being compliant.
The aim of the GDPR is to have a harmonised rule book for all data subjects and organisations, with a key focus on strengthening the rights of data subjects in relation to their personal data. The GDPR applies across all business types and to both public and private sectors.
As a Regulation it is directly applicable – that is, it does not need local legislation for it to be enforceable. However local legislation, the Data Protection Bill, due to be published in the autumn, aims to assist with the implementation of the GDPR and fill in the gaps that exist for Ireland. Both pieces of legislation will have to be considered when seeking to ensure compliance.
The GDPR has an immediate and direct impact on the insurance industry. The reforms include:
Log in to access the rest of this article in our magazine, The Insider.