WPS response in relation to GDPR Regulations
This is an issue which we have been preparing for at a senior management level. We are committed to complying with the principles of GDPR and have taken advice from a number of sources including:-
- Legal advisors
- Our trade organisation BIBA
- A specific project team within our alliance of UNA
- Referral to the Information Commissioner's Office (ICO)
We have updated our Data Retention Policy and Data Protection Policy.
We have, as part of our compliance project, completed a data protection impact analysis/risk assessment and as a result of this have taken a number of actions. We will continue to review our data risk management and take appropriate action where relevant. These actions include:-
- Amending and controlling the automatic facilities of email, e.g. auto-population of email addresses
- Training of staff
- Improving physical security of the interior of our offices where client records are held
- Launching a clear desk policy
- Seeking reassurance of compliance from suppliers such as our software providers for client data management
We acknowledge that there may be ongoing alterations to the regulations as we currently understand them and we will of course monitor how any such changes may have further impact upon our procedures and practices.
As a client of WPS, all personal data handled on your behalf by us will be on the lawful basis of contract performance.
Processing of data you provide is in relation to the broking, arrangement, placement and premium payment of insurance contracts.
In order to perform our services to you, it will be necessary to share your data with other parties, e.g. insurers.
Your data will not be transferred outside of the EEA by us.
Our Data ‘champion’ is Colin Watts FCII, Director – firstname.lastname@example.org
Insurance Cover for Data/GDPR
In terms of insurance, a number of the insurance products which you may have already in place will provide protection against liability arising from a breach of your obligations under the GDPR.
For example, it is common for the following classes of commercial insurance to include cover for legal defence in relation to Data Protection, which the market is generally extending to include GDPR:-
- Legal Expenses Insurance
- Public Liability Insurance
- Professional Indemnity Policies
We would also recommend specific Cyber/Data Risk policies, as these can also include cover for fees you incur to manage any breach response as well as liability for privacy breach claims – in so far as this is allowed by courts. In addition, such policies can include cover for your own business interruption/income loss due to an impact on your own data systems, website, etc.
Please speak with your nominated contact here if you require more specific advice.
WPS are committed to compliance with GDPR and will continue to review our own obligations, responsibilities and management of risk.