The General Data Protection Regulation (GDPR) aims to strengthen and unify data protection for all individuals residing within the European Union.
This regulation also concerns the export of data outside the EU, which means that any country – anywhere in the world – will need to comply if they process European data.
Businesses are required to initially comply with the GDPR, but also need to demonstrate continued compliance and be able to report on their data processing.
The GDPR comes into effect on May 25th 2018. Non-compliance could result in fines of up to 4% of a company’s annual worldwide turnover or 20 million euros, whichever is higher.
The Information Commissioner's Office (ICO) has stated that company Directors will be personally liable for failure to comply.
The GDPR principles set out the main responsibilities for organisations and require that personal data shall be:
Processed lawfully, fairly and in a transparent manner in relation to individuals
Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Accurate and, where necessary, kept up to date
Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
Processed in a manner that ensures appropriate security of the personal data
INSTANDA compliance with GDPR
Ability (for design screens user) to delete identifying data, or data held by consent for a given policy
Customer portal users should be shown a list of their quotes when retrieving quotes instead of receiving an email
Access rights for configurators to customer data
Audit log of when a quote was retrieved and viewed, and by whom
When using the public 'Retrieve Quote' function, email a single-use, unguessable link to the person to retrieve their quote (rather than going directly to their quote)
Audit log deletion/masking of customer data
Specify period for which identifying data from an unconverted quote is retained. Separately, specify period for which identifying data from an expired or cancelled policy is retained.
Flag variable definitions according to whether they contain identifying data. Flag variables according to whether they contain data held only by the consent of the data subject.
Access rights for configurators to delete customer data
Users cannot view live customer data on the back-end without permission
Mask sensitive claims data
Audit log access to customer data
Design Site Audit Log View
Feel free to get in touch or email us if you have any questions regarding GDPR.