As noted in our previous newsletter, the General Data Protection Regulation (GDPR) is effective from 25 May 2018. However, there are some issues that need to be addressed in advance of that date in order to ensure that firms are not in breach after May 2018.
One of these is to update your client Terms of Business (ToB) to include the additional information required.
You should update your ToB before 25th May this year in order to ensure that you can continue to process personal data for policies which will be in force when the new regulations take effect.
Please note that the statement does not allow you to process ‘Special Categories’ of personal data (including health information, if used for underwriting purposes). You will need a client’s explicit consent to process such data.
You should also note that criminal convictions are currently treated as ‘Sensitive Data’ under the Data Protection Act, but seem not to be considered a Special Category of data under the GDPR.
The suggested paragraph, replacing the current data protection statement, is included below. Please proceed to update your ToB now. If you need any help with this (or would like us to proofread the ToB) please get in touch.
Revised Privacy Notice:
Please note that if your ToB does not include your Company name and address, this will need to be added to the statement.
Protecting your Personal Data (data)
We are the Data Controller for the data you provide to us. We need to use your data in order to arrange your insurance and associated products and for marketing purposes (please let us know if you would prefer not to receive marketing information from us). You are obliged to provide information without which we will be unable to provide a service to you. We may pass your data to other organisations, such as insurers, auditors, external consultants, credit providers, banks, financial transaction processors, crime and fraud prevention agencies and databases and regulators. We process all data in the UK but where we need to disclose data to parties outside the European Economic Area (EEA) we will take reasonable steps to ensure the privacy of your data. In order to protect our legal position, we will retain your data for a minimum of 7 years. We have a Data Protection regime in place to oversee the effective and secure processing of your data. You can request copies of the data we hold, have it corrected, sent to a third party or deleted (subject to our need to hold data for legal reasons). If you wish to complain about how we have handled your data, you can contact us and we will investigate the matter. If you are not satisfied with our response or believe we are processing your data incorrectly you can complain to the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel: 0303 123 1113