The GDPR is coming; scaremongers have been amongst those constantly reminding us of this.
I decided to share some of my experiences and thoughts on GDPR with our Brokers as some of them may help you to understand what needs to be done.
I am not a compliance consultant and this is not a compliant article – it’s just me sharing what I have done for our business to ensure we will be GDPR compliant. I hope it may help some of you.
Reading, yes I have read a lot. I decided I wanted to understand the GDPR for myself and not be reliant on our compliance consultant or anyone else for getting it right.
The key documents I found useful were:
Oddly, the actual regulations from the EU were really helpful.
So, from this reading I realised one thing – the statement being bandied about “if you are compliant with the DPA you will be fine and have little to do” is inaccurate. It was a myth I am glad I dispelled for myself.
I went on and created a checklist of things to review and to look at or create.
Now I have been carefully working through these and now have GDPR compliant versions of:
I am more than happy to share these with our Brokers so feel free to email me your request. They may help you, they may not!
Well, I am now working on the final phase of the new GDPR online and offset consent changes for GDPR and looking at our TOBA changes. I am confident we are already GDPR compliant which is great – but it has taken a lot of hard work.
Don’t leave this project until May 2018 because what is fundamentally different is that you have to have evidence in place now to show you are compliant – after the event or when you get a request from the ICO is not going to cut it. The ICO may well look to fine companies who are unable to show compliance and we are very likely to be on their radar as an industry.
It continues to be a very interesting project with lots of work still to be completed.
Richard Burgess is a Director at ABACUS.