The GDPR adds further complexity to the already heavily regulated Financial Services and Insurance sector.  Many of the GDPR's requirements are complementary to existing legislation, but special attention must be paid to the protection of personal data.

Finance and insurance companies process large amounts of personal data, much of it of a sensitive nature.  Particular attention must be paid to ensuring that it is used only for the purpose for which it was collected, that it is shared only in a controlled way, and that it is retained and disposed of appropriately and in a timely fashion.

The use of personal data for profiling and automated decision making is also strictly regulated under the GDPR (Article 22).

This page explains what data protection legislation means for finance & insurance organisations and the key areas they need to consider when managing personal data.


WHAT DOES THE LEGISLATION MEAN FOR FINANCE & INSURANCE ORGANISATIONS?

Like all other organisations, finance & insurance organisations must:

  • Be transparent in the way they process personal data and accountable for doing so
  • Be able to detect, manage, report and respond to data breaches, including notifying the Autoriteit Persoonsgegevens (AP) within 72 hours where the breach is likely to pose a risk to individuals
  • Understand the data they hold, where it is stored and who has access to it
  • Implement robust processes and procedures to protect personal data
  • Allow customers, other data subjects and staff to:

    • Access the data held on them
    • Have inaccurate data corrected or completed
    • Have it erased (unless there is a lawful reason to retain it, such as a statutory record-keeping obligation)

  • Appoint a designated data protection officer (DPO) if they:

    • Are a public body
    • Carry out, as a core activity, regular and systematic monitoring of individuals on a large scale (for example profiling for credit or fraud decisions)
    • Process, as a core activity, special category data or data about criminal convictions on a large scale


IMPORTANT DATA PROTECTION CONSIDERATIONS FOR FINANCE & INSURANCE ORGANISATIONS

Finance and insurance organisations must protect personal data in a wide range of their operations.  Some major considerations include:

Complementary Regulations

  • Requirements of the Autoriteit Financiële Markten (AFM)
  • Banking regulations
  • Anti-money laundering regulations
  • Understanding audit and inspection requirements

Handling sensitive and special category data

  • Data Protection Impact Assessments (DPIAs) before high-risk processing begins
  • Personal data, financial data, medical data and records of criminal convictions, the last two especially in insurance
  • Banking and anti-money laundering obligations that require such data to be collected and retained

Multiple and legacy systems

  • Duplicated data held on multiple systems and data minimisation
  • Data retention and disposal
  • Mechanisms for handling Data Subject Access Requests (DSARs)

Administration

  • Email systems
  • Staff payroll, pension and HR records
  • Visitors’ book, access and CCTV

Data Security

  • Maintaining network and server security
  • Encryption of data at rest and in transit
  • Access control, so that only those who need personal data can reach it
  • Wider cyber security measures

Policies and agreements

  • Privacy, retention, cookie and data protection policies
  • Staff handbooks

Sharing data with others

  • Transfers to third parties
  • Data transfers outside the EU/EEA
  • Data processing and data sharing agreements

Handling large quantities of data

  • Appointing a designated DPO
  • Profiling and automated decision making
