Are you processing personal data lawfully?

Presentation transcript:

Are you processing personal data lawfully? 19 January 2018 Mark Williamson and Isabel Ost, Clyde & Co LLP

Introduction to the General Data Protection Regulation and the Data Protection Bill: Context; Aims; Scope/Timings.

What does the GDPR cover? New Principle of Accountability; Data Protection Principles; Data Handling Obligations; Legal Basis for Processing & Consent; Security; Data Subject Rights & Privacy Policies; Breach Notification; Data Protection Officers; Enforcement.

The Seven Data Protection Principles: Lawfulness, Fairness and Transparency; Purpose Limitation; Data Minimisation; Accuracy; Storage Limitation; Integrity and Confidentiality; Accountability.

Top GDPR Challenges for the insurance market: Lawful and transparent processing; Data breach notification; Data subject rights; International data transfers.

What does lawful, fair and transparent mean? Lawful: You have to justify each piece of Personal Data you process with a specific rule. Fair and transparent: You have to provide certain information to the data subject and give them certain rights.

What does “personal data” mean for the insurance sector? What’s at risk? €20million or 4% of worldwide turnover whichever is greater Personal Data Touchpoints Business Core Purposes Quotation/Inception Policy administration Claims processing Business Secondary Purposes Marketing Wider risk analysis Product improvements Support HR – Employee personal data IT Legal Compliance Third party advisers

Personal Data flows through the insurance market 3rd Party Claimants 3rd Party Insureds Policy holder/Insured Processing Broker Insurer Reinsurer

Are you a “Data Controller” or a “Data Processor”? Dealing with a misconception. Can you be both? At the same time? Under the same contract? What does “Joint Controllers” mean?

Fair and Transparent: Information Notices. Controller must “take appropriate measures” to provide the privacy notice. Must be in a “concise, transparent, intelligible and easily accessible form, using clear and plain language”. Two lists of information to be provided: (1) when you are collecting the information from the individual – when? (2) when a third party passes on that information to you – when? Solution – LMA Privacy Notice.

Lawful: Key justifications (Personal data / Special categories of data). 1: Consent / Explicit Consent. 2: Performance of a contract with the data subject / Legal claims. 3: Legitimate interests / In substantial public interest & set out in UK law.

Consent: A higher standard. Separate and distinct; Clear, demonstrable, freely given & capable of withdrawal; Revocable; When not necessary, not conditional.

The challenges around consent. Getting it: Chain; Data subjects where the insured is a Corporate and not the data subject; Imbalance of power - is it “freely given”? Once you have it: Right to withdraw; Consequences of withdrawal.

Can you justify your processing with another lawful basis? Ordinary Personal Data: Performance of a contract with the data subject; Legitimate interests. Special Category Data: Legal claims; In the substantial public interest and set out in UK law. The insurance derogations.

Core Business Purpose 1: Quotation/Inception. [Diagram: “Fair and Transparent” and “Lawful” requirements shown for the Policy Holder/Insured, 3rd Party Insureds and 3rd Party Claimants.]

Core Business Purpose 2: Policy Administration. [Diagram: “Fair and Transparent” and “Lawful” requirements shown for the Policy Holder/Insured, 3rd Party Insureds and 3rd Party Claimants.]

Core Business Purpose 3: Claims Process. [Diagram: “Fair and Transparent” and “Lawful” requirements shown for the Policy Holder/Insured, 3rd Party Insureds and 3rd Party Claimants.]

Recap An imperfect position- how is it different to our current one? Stand united Insurance market will continue to lobby DCMS International

Contact details Mark Williamson Partner Commercial Insurance Tel: +44 (0)20 7876 5341 E-mail: mark.williamson@clydeco.com Isabel Ost Senior Associate Data Protection Tel: +44 (0)20 7876 5313 E-mail: isabel.ost@clydeco.com

1,800 lawyers and fee earners worldwide. 1st: Law Firm of the Year, Legal Business Awards 2011. 360+ partners worldwide. 45 offices across Europe, Americas, Middle East, Africa and Asia.

Clyde & Co LLP accepts no responsibility for loss occasioned to any person acting or refraining from acting as a result of material contained in this summary. No part of this summary may be used, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, reading or otherwise without the prior permission of Clyde & Co LLP. © Clyde & Co LLP 2018