Industry News

Protecting your business against cyber-attacks

In May 2017, “WannaCry” ransomware reportedly hit over 200,000 computers.

Property: The importance of avoiding unintentional underinsurance

Underinsurance is a common problem encountered by policyholders.

Need Travel Insurance?

Travel insurance provides protection if you face certain problems when you are travelling or on holiday.

Daines Kapp celebrate its 30th anniversary with a 3 day cruise!

We recently took all of our team to celebrate in Guernsey.

George Worby first to complete Allianz's broker apprenticeship

Allianz has revealed its first success story in its broker apprenticeship.

George Worby announced as winner of Insurance Practitioner Apprentice of the Year

At the first apprenticeship awards ceremony the CII has held.

GDPR comes into force May 2018. 

New Data Protection Regulation

July 2017

A new data privacy law, the General Data Protection Regulation (GDPR), comes into force in May 2018, overhauling current data protection legislation.   

The General Data Protection Regulation (GDPR) will replace the current Data Protection system and has been designed to harmonise data privacy laws across Europe, protecting all EU citizen data privacy and to restructure and reform the way organisations across the region approach and safeguard data privacy.

If you handle EU citizen data, you will need to show compliance to the new regulation, ideally by having someone in your business responsible for data protection and ensuring you gain customers’ consent before using their data, using the ‘opt in’ system rather than the current ‘opt out’ mechanism.

If you do not comply with GDPR by the time it is enforced, you can be subject to a hefty fine. It is imperative your business is prepared. Here are 12 steps to help you get ready for one of the biggest changes in data regulation:

 

1. Ensure key people within your business are aware of the impact this is likely to have.

2. Document the information you should hold, where it came from and how you used it. Create an information audit if you need to.

3. Communicate your privacy notices and update if necessary in readiness for the implementation of GDPR.

4. Check your procedures to cover the rights of individual’s data, including how you delete records and how you transmit data.

5. Plan who has access to data records and who has the ability to amend and update records when required. 

6. Confirm the legal basis you have for using the data you hold and document it.

7. Review the way you obtain data with particular regards to obtaining and recording consent to use it from the individual.

8. Plan how you verify ages of individuals when data gathering to ensure if dealing with minors parental/ guardian consent is obtained and recorded.

9. Ensure you have procedures in place to detect, investigate, and report a personal data breach.

10. Use the guidance of Privacy Impact Assessments to understand how to implement them within your business.

11. Designate a Data Protection Officer, if necessary. This must be a responsible person as the role should sit within your company governance arrangements.

12. If you deal internationally, you will need to determine which data protection supervisory authority you come under.

 

You will also need to have an action plan in case of a data breach. This will involve notifying customers and reporting the incident to the Information Commissioner’s Office (ICO) within 72 hours.

Do not hesitate to contact a member of the team if you require further information.