May 9, 2018
Why am I always being asked to stay in touch?
As of 25 May 2018, the GDPR comes into force and new obligations will apply to the collection, processing and retention of personal data.
How many emails have you received in the last few months asking you to renew your consent to all sorts of newsletters? Unless you don’t have an email address and live in a cave, you should have received quite a few. Your banker, your insurance company, your financial advisor all seem to have passed on the word! Where does this sudden renewed interest in your opinion come from?
The answer is four letters: GDPR (the General Data Protection Regulation).
What’s the GDPR about?
This new European regulation comes into force on 25 May 2018. It aims to unify the way consumers’ data across the European Union is collected and processed, while reinforcing their rights, complete with dissuasive penalties in the event of non-compliance (4% of the business’s overall turnover or a Euro 20 million fine in the worst cases). It applies to all businesses that process personal data, from bankers to mechanics, sports clubs to telecom giants.
Why GDPR?
In recent years, the digitalisation of our society has brought about major changes in the way we interact on the web, and the online economy is largely fuelled by the personal data we put out there without too much thought. You’ve probably wondered why you receive emails from companies you have never contacted. Until today, companies’ privacy policies remained quite vague on how they would use the data they request from you, which enabled unscrupulous companies to use it for one or more purposes and transfer or even sell it to third parties without any particular regard for the consent of the persons concerned.
Today, with the entry into force of GDPR, citizens will gain various rights, such as:
- The right to transparency as to the purposes of the processing of their personal data
- The right to access their personal data and rectify it
- The right to request that the data be deleted or that its processing be limited, for example if the person withdraws consent to the processing, if the processing is illegitimate or if the data is not necessary for the purpose of the processing
- The right to transfer their data to other operators
Companies will be required to facilitate the exercise of these rights by appointing a Data Protection Officer (DPO), who will be their single point of contact for any request relating to personal data protection.
OneLife has appointed a DPO who you can contact at: dpo@onelife.com.
Challenges for insurers and their partners
The different actors of the financial market will not only have to implement the various principles that underpin any processing of personal data, such as the principle of lawful processing, transparency and access to the data, but they must also be able to skilfully balance the collection of data needed to fulfil their various regulatory obligations with the principle of data minimisation and retention.
Because of regulations such as the Insurance Distribution Directive (IDD), which will apply to insurance intermediaries from October 2018, as well as the law of 13 February 2018 on the fight against money laundering and the financing of terrorism, a large amount of personal data must be collected, for clear and legitimate purposes, to obtain the required knowledge on the investor.
However, this data collection will follow the principles of GDPR, including:
- data minimisation: it will be the broker or insurer’s responsibility to carefully establish where the need to collect this information ends so as not to gather more data than necessary
- limiting the processing of the data collected to the sole purposes set out by these regulations. In other words, the data cannot be used for commercial purposes without the investor’s consent
- retention of information, requiring that personal information is not kept for longer than necessary
- data processing with the greatest care by applying robust security rules so that it is not subject to any breaches
OneLife stands by its partners to accompany and guide them through the implementation of these new obligations, and by its customers to meet their needs and promote their rights.