WPS response in relation to GDPR Regulations which are effective on 25th May 2018
This is an issue which we have been preparing for at a senior management level since mid-2017. We are committed to complying with the principles of GDPR and have taken advice from a number of sources including:-
- Legal advisors
- Our trade organisation BIBA
- A specific project team within our alliance of UNA
- Direct consultation with the Information Commissioner's Office (ICO)
You are welcome to view our Privacy Notice at https://www.wpsinsurance.co.uk/privacy/. Our Terms of Business includes GDPR considerations.
We have, as part of our compliance project, completed a data protection impact analysis/risk assessment and, as a result of this, have taken a number of actions. We will continue to review our data risk management and take appropriate action where relevant. These actions include:-
- Amending and controlling the automatic facilities of email, e.g. auto-population of email address
- Training of staff
- Improving physical security of the interior of our offices where client records are held
- Launching a clear desk policy
- Seeking reassurance of compliance from suppliers such as our software providers for client data management
- Secure destruction of obsolete data
We acknowledge that there may be ongoing alterations to the regulations as we currently understand them, and we will of course monitor how any such changes may have further impact upon our procedures and practices.
In terms of insurance, a number of the insurance products which you may already have in place will provide protection against liability arising from a breach of your obligations under the GDPR.
For example, it is common for the following classes of commercial insurance to include cover for legal defence in relation to Data Protection, which the market is generally extending to include GDPR:-
- Legal Expenses Insurance
- Public Liability Insurance
- Professional Indemnity Policies
- Directors & Officers Liability/Management Liability
We would also recommend specific Cyber/Data Risk policies, as these can also include cover for fees you incur to manage any breach response as well as liability for privacy breach claims. In addition, such policies can include cover for your own business interruption/income loss due to an impact on your own data systems, website etc.
WPS are committed to compliance with GDPR and will continue to review our own obligations, responsibilities and management of risks.
NB – Fines/Penalties:
At present, there is some uncertainty as to whether penalties/fines will be covered by insurers, as these are designed by regulators to penalise non-compliance.