GDPR is here. The General Data Protection Regulation is a new rule in European Union law to govern personal data protection. Effective May 25, 2018 and applying to all businesses that operate in Europe, GDPR strengthens consumer safeguards and harmonizes disparate standards across the continent.
Hamilton at Lloyd’s Compliance Director Dominic Ford says the regulation will have two main effects on companies. First, GDPR will make it easier for them to do business. A single consumer product requires just one privacy notice, rather than separate notices and processes customized for each of the 28 member nations of the EU.
Second, regulators will be able to take action against companies that don’t have the necessary data control and compliance process in place, rather than waiting for evidence of data mismanagement to trigger regulatory action. Penalties for non-compliance also have gone up significantly, replacing amounts set at the dawn of the digital age.
GDPR will have little impact on Hamilton.
How much effect is the new rule expected to have on Hamilton and the way we do business? Little, according to Dominic.
“We’re awash with personal data, but most of it is low-value public information,” he says. “Consequently, we have lesser risk when it comes to data protection and our operations. Even though our risk is minimal, security of our IT systems is a paramount concern. We’ve earned Cyber Essentials Plus certification to prove that proper controls are in place to guard against cyber threats. We’ve also had some 100 hours of training on data protection to prepare for the advent of GDPR.”
According to Dominic, much of the trepidation about the regulation has come from companies that have found shortcomings in their existing data protection standards. GDPR has forced these firms to rethink and revamp their data protection regimes in short order.
Dominic notes that Hamilton is ready for GDPR. “With assistance from the Lloyd’s Market Association, we’ve taken all the actions necessary to make the transition to GDPR as smooth and seamless as possible.”
As for Hamilton’s employees, they will soon receive an email message that directs them to a privacy notice that reflects the data protection requirements of GDPR.
He explains that as far as our customers and employees are concerned, they are not required to take any action and are likely to spot no change at all in the way we do business.
“We will continue to advise our employees and customers of their privacy rights, although using a different notice. And we will continue to take every meaningful action to protect the data we collect.”
Proof that when it comes to Hamilton, GDPR is an evolution and not a revolution.