Are you ready for the new General Data Protection Regulations?

25th of May, 2018. That’s the deadline businesses have been given to comply with the new General Data Protection Regulations (GDPR). This applies to all organisations that store personal data, and will therefore naturally apply to all insurance brokers.

The advice across the industry is to be proactive rather than reactive, and start preparations now if you haven’t already got the ball rolling. Our Compliance team provide Broker Network Members with guidance and updates on the requirements, but for anyone without access to these services, the Information Commissioner’s Office (ICO) has compiled a great list of the 12 steps you should be taking.

The 12 Steps to prepare for the GDPR

1. Awareness

Make sure decision makers and key people across the organisation are aware of the law changes and understand the impact they will have. This could have significant resource implications, especially for larger organisations.

2. Information you hold

Document the information you have on record: you need to know where it came from and who it is shared with.

3. Communicating privacy information

Review your current privacy notices to highlight any areas that need updating before the new regulations come into force.

4. Individuals’ rights

Ensure your procedures cover all the rights individuals have, for example how personal data is deleted and how it can be provided electronically in an accessible format.

5. Subject access requests

Update your procedures to plan how you will handle any requests, including new timescales and additional information. Consider the logistical implications this might have too.

6. Lawful basis for processing personal data

Identify the lawful basis for your processing activity in the GDPR, document it, and update your privacy notice to explain it.

7. Consent

Review how you seek, record, and manage consent and whether you need to make any changes. Your existing consents might not meet the new standards, so you will also need to investigate and potentially refresh existing records.

8. Children

Think about whether you need to put age verification systems into place and whether parental or guardian consent is required.

9. Data breaches

Put the right procedures in place to detect, report, and investigate data breaches.

10. Data Protection by Design and Data Protection Impact Assessments

Familiarise yourself now with the ICO’s code of practice on Privacy Impact Assessments as well as the latest guidance from the Article 29 Working Party, and work out how and when to implement them in your organisation.

11. Data Protection Officers

Designate someone to take responsibility for data protection compliance. Also consider whether you are required to formally designate a Data Protection Officer.

12. International

If your organisation operates in more than one EU member state (i.e. you carry out cross-border processing), you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you do this.

In full depth

Hopefully, you will find that you are already adhering to a number of these areas as part of the current DPA requirements. Some aspects of the GDPR will expect you to go further in taking accountability for your personal data, though, so it is important to ensure your systems and controls are sufficient to accommodate the changes.

We recommend reading the ICO’s full guidance, which adds further details and resources to the 12 steps above: Preparing for the General Data Protection Regulation (GDPR)

To learn more about Broker Network’s Risk & Compliance services and how we help independent insurance brokers comply with industry regulations, please get in touch.
