At Zurich we take our data protection obligations extremely seriously and the security of our customer data is very important to us. We rely on personal data to accurately and effectively assess risk and provide customers with cover that meets their needs. We are currently working through the detail of the new EU General Data Protection Regulation to ensure we continue to deliver good outcomes for our customers when it takes effect from 25 May 2018.
What is GDPR?
The General Data Protection Regulation, more commonly known as GDPR, is the new EU-wide law which applies directly to the UK. Here are some of the key changes in the new regulation:
It will apply to all EU member states from 25 May 2018, including the UK, as GDPR will apply prior to Brexit.
It applies globally to all organisations processing the personal data of EU subjects, and to all EU member state organisations where they are acting as controllers of that personal data, regardless of the location of the data subject.
Significant new rights for data subjects including the right to seek compensation and rights to erasure and accurate representation. Here is the full list of individual rights.
Significant fines for companies in the event of an infringement of the Regulation of up to 20 million euros or, in the case of an undertaking, 4% of annual global turnover.
Consent requirements have also been toughened. Organisations will be required to evidence that they have a legitimate basis for processing personal data or that customers have given their consent. This is to ensure customers have more control over the use of their personal data.
To find out more about the regulation and to assess your own readiness, we recommend you visit the Information Commissioner’s Office (ICO) website.
Our GDPR programme is well established and will ensure our alignment on regulatory interpretation to enable delivery of GDPR compliance, specifically taking care of individuals' rights and freedoms, transparency of our data processing and, where applicable, carrying out Privacy Impact Assessments.
For more information, read our FAQs.