Compliance with the General Data Protection Regulation

August 1, 2018 Business Insurance and Risk Management, The Beacon Blog

Since May 25 the General Data Protection Regulation – GDPR for short – has been in force for the European Union and all companies doing business there. Computer users have seen new privacy agreements on websites and in emails as companies start to comply. The GDPR can impose huge fines for non-compliance with its requirements. Andres Richter, CEO of Priority Software, lists nine steps for successful compliance.

  1. Find all customer data and connect it to a central depository.
  2. Track the process of lead generation and make sure to store the exact type of communications a customer agrees to receive.
  3. Train employees to store personal information in pre-defined tables and fields for easy portability.
  4. Have a clear list and procedures for deleting customer data. The “right to be forgotten” is an important part of the GDPR.
  5. Ensure all personal data is secured. Access should be restricted to employees who need the data.
  6. For data stored in the cloud, request the service provider’s procedures for GDPR compliance.
  7. Pinpoint the physical location of your customer data. Know the applicable regulation.
  8. Offer employees the right to access their data, the “right to be forgotten” and the right to withdraw consent to disseminate data.
  9. Have a process to notify everyone of a data breach.

Even if you don’t do business in the European Union, these are good procedures for data management and security.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.