Priviblog

Insurance Broker’s Insights into GDPR Compliance Struggle

Posted on 13/04/2018


JLT Specialty is a leading specialty broker with clients spanning the globe. They supply insurance and risk management services to companies that include dominant players in the world’s leading industries. So when they raise concerns about companies struggling to achieve GDPR compliance, we should really pay attention.

JLT’s Concerns

In a short blog post on their Insights page, JLT Specialty reported that many companies admitted to being under-prepared for GDPR compliance. A survey of over 3000 companies was conducted by the independent market research company Forrester. Fewer than half considered themselves either already compliant or 8 months away from achieving compliance (which would be long after the 25th May deadline). It is suspected that even amongst these firms, many are underestimating precisely what needs to be done in order to achieve compliance.

Similar figures were revealed by a survey conducted for the UK government’s Department of Digital, Culture, Media and Sport. Worryingly, they reported that less than half of businesses were even aware of GDPR.

Consequences of Non-Compliance

JLT Specialty describe the consequences of failure to comply with new GDPR laws:

“Failure to comply can result in fines of up to EUR 20 million or 4% of global annual revenue, whichever is higher. GDPR introduces a mandatory notification regime – organisations will have just 72 hours to notify the regulator of a data breach - as well as other requirements, such as the need to prepare a data breach response plan. The regulations also introduce increased rights for data owners that could make litigation more likely and costly.”

GDPR requires that you take a ‘data protection by design’ approach (this is not new: it has been a requirement since the Data Protection Act was introduced in 1998). Underpinning this is the new Principle of Integrity in GDPR, which requires you to prove that the end-to-end systems and processes you have in place protect the personal information you are responsible for. Failure to demonstrate this constitutes a breach. End-to-end means the entire estate that you are responsible for. This will include: training of personnel (employees and contractors), checking your firm’s policies (as well as those of software companies and other IT providers that you rely on), implementing new procedures and documenting everything.

Priviness CEO, Sandy Gilchrist responded to the red flags raised by surveys in the JLT report:

“It would seem from these surveys that a lot of companies are hoodwinking themselves into believing they are compliant.”

If you would like to discuss the impact of GDPR or organise a training session for your staff, please get in touch by calling 0203 2878 243 or emailing info@priviness.eu.
