Are you processing personal data lawfully?


Presentation on theme: "Are you processing personal data lawfully?"— Presentation transcript:

1 Are you processing personal data lawfully?
19 January 2018 Mark Williamson and Isabel Ost, Clyde & Co LLP

2 Introduction to the General Data Protection Regulation and the Data Protection Bill
Context
Aims
Scope/Timings

3 What does the GDPR cover?
New Principle of Accountability
Data Protection Principles
Data Handling Obligations
Legal Basis for Processing & Consent
Security
Data Subject Rights & Privacy Policies
Breach Notification
Data Protection Officers
Enforcement

4 The Seven Data Protection Principles
Lawfulness, Fairness and Transparency
Purpose Limitation
Data Minimisation
Accuracy
Storage Limitation
Integrity and Confidentiality
Accountability

5 Top GDPR Challenges for the insurance market
Lawful and transparent processing
Data breach notification
Data subject rights
International data transfers

6 What does lawful, fair and transparent mean?
Lawful: You have to justify each piece of Personal Data you process with a specific rule
Fair and transparent: You have to provide certain information to the data subject and give them certain rights

7 What does “personal data” mean for the insurance sector?
What’s at risk? €20 million or 4% of worldwide turnover, whichever is greater
Personal Data Touchpoints
Business Core Purposes: Quotation/Inception; Policy administration; Claims processing
Business Secondary Purposes: Marketing; Wider risk analysis; Product improvements
Support: HR – Employee personal data; IT; Legal; Compliance; Third party advisers

8 Personal Data flows through the insurance market
[Diagram. Labels: 3rd Party Claimants; 3rd Party Insureds; Policy holder/Insured; Processing; Broker; Insurer; Reinsurer]

9 Are you a “Data Controller” or a “Data Processor”?
Dealing with a misconception
Can you be both? At the same time? Under the same contract?
What does “Joint Controllers” mean?

10 Fair and Transparent: Information Notices
Controller must “take appropriate measures” to provide the privacy notice
Must be in a “concise, transparent, intelligible and easily accessible form, using clear and plain language”
Two lists of information to be provided:
when you are collecting the information from the individual – when?
when a third party passes on that information to you – when?
Solution – LMA Privacy Notice

11 Lawful: Key justifications
Personal data / Special categories of data
1 Consent / Explicit Consent
2 Performance of a contract with the data subject / Legal claims
3 Legitimate interests / In substantial public interest & set out in UK law

12 Consent: A higher standard
Separate and distinct
Clear, demonstrable, freely given & capable of withdrawal
Revocable
When not necessary, not conditional

13 The challenges around consent
Getting it:
Chain
Data subjects where the insured is a Corporate and not the data subject
Imbalance of power – is it “freely given”?
Once you have it:
Right to withdraw
Consequences of withdrawal

14 Can you justify your processing with another lawful basis?
Ordinary Personal Data:
Performance of a contract with the data subject
Legitimate interests
Special Category Data:
Legal claims
In the substantial public interest and set out in UK law
The insurance derogations

15 Policy Holder/Insured
[Diagram: Core Business Purpose 1, Quotation/Inception. Rows for Policy Holder/Insured, 3rd Party Insureds and 3rd Party Claimants, each marked “Fair and Transparent” and “Lawful”.]

16 Policy Holder/Insured Policy Administration
[Diagram: Core Business Purpose 2, Policy Administration. Rows for Policy Holder/Insured, 3rd Party Insureds and 3rd Party Claimants, each marked “Fair and Transparent” and “Lawful”.]

17 Policy Holder/Insured
[Diagram: Core Business Purpose 3, Claims Process. Rows for Policy Holder/Insured, 3rd Party Insureds and 3rd Party Claimants, each marked “Fair and Transparent” and “Lawful”.]

18 Recap
An imperfect position – how is it different to our current one?
Stand united
Insurance market will continue to lobby DCMS International

19 Contact details
Mark Williamson, Partner, Commercial Insurance, Tel: +44 (0)
Isabel Ost, Senior Associate, Data Protection, Tel: +44 (0)

20 1,800 Lawyers and fee earners worldwide
1st Law Firm of the Year, Legal Business Awards 2011
360+ Partners worldwide
45 Offices across Europe, Americas, Middle East, Africa and Asia.
Clyde & Co LLP accepts no responsibility for loss occasioned to any person acting or refraining from acting as a result of material contained in this summary. No part of this summary may be used, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, reading or otherwise without the prior permission of Clyde & Co LLP. © Clyde & Co LLP 2018

