General Data Protection Regulation

  • By CHRIS BATE
  • 27 Nov, 2017

GDPR – are you prepared?

Posted: 14 November 2017

At a glance

  • The General Data Protection Regulation (GDPR) is due to come into force on 25 May 2018.
  • GDPR represents an important strategic risk for all organisations, requiring significant action in order to remain compliant.
  • We look at GDPR’s key provisions and how you can help your customers prepare.

The countdown has begun to the European General Data Protection Regulation (GDPR). Coming into force from 25 May 2018, this major piece of legislation establishes a new legal framework for the management of personal data.

Significant work is required to ensure compliance by the 2018 deadline, and organisations should already be well under way in their preparations. We look at what steps your customers should be taking now in response to GDPR and how you can help them in their preparations.

GDPR at a glance

GDPR represents the biggest shake-up of data protection laws in 20 years. It is a Europe-wide piece of legislation, applying to all European Union (EU) Member States.

The UK government has confirmed that the decision to leave the EU will not affect organisations’ need to comply.

GDPR makes a number of important changes to our existing framework (currently governed, primarily, by the Data Protection Act 1998), including:

  • Wider scope – applies not only to organisations established in the EU, but also those outside who process certain types of personal data
  • Operations – organisations must adopt a privacy-by-design approach, demanding a comprehensive review and enhancement of all systems, processes, products and services to meet GDPR standards
  • Sanctions – tougher enforcement and significantly higher fines of up to €20m or 4% of group turnover
  • Wider definition – personal data covers any identifiers relating to a person, including location data, IP addresses and cookies
  • Lawful processing – GDPR raises the bar on when organisations can lawfully collect and process personal data
  • Consent – new rules on what constitutes consent (in particular, the need for active, not passive consent) and the need to refresh consent for any existing data that does not meet GDPR standards
  • Transferring – stricter conditions for when data can be transferred between entities, particularly outside the EU
  • Breach notification – new requirements and tighter deadlines to notify both supervisory authorities and affected persons of data breaches
  • Subject rights – greater rights for data subjects, including rights of erasure of erroneous data
  • Internal governance – requirement for certain organisations to formally appoint a Data Protection Officer, including prescribed duties and responsibilities
  • Accountability – a large focus on the need to evidence compliance

12 steps to preparation

GDPR is not simply a question of compliance; it requires organisations to completely transform the way they collect, store, process and share personal data.

The Information Commissioner’s Office (ICO) – the UK’s independent authority governing data protection – has issued the following 12 steps that organisations need to take now in preparation for the 25 May 2018 deadline.

  1. Awareness – key people in the organisation should be aware of GDPR and its implications.
  2. Information held – create an Information Asset Register to fully understand what information you hold, where it came from, how it is stored and who it is shared with.
  3. Communication – review current privacy notices and plan how you will change them in response to GDPR.
  4. Individuals’ rights – ensure internal procedures can respond to the new rights of individuals.
  5. Subject access requests – update procedures to meet new timescales and requirements.
  6. Lawful basis – identify your lawful basis for processing any data. Document this and update privacy notices to explain it.
  7. Consent – review how you seek, record and manage consent. Refresh existing consent if it does not meet GDPR standards.
  8. Children – understand whether you need new systems to verify individuals’ age or obtain parental or guardian consent.
  9. Data breaches – establish procedures to effectively detect, report and investigate breaches.
  10. Protection by design – familiarise yourself with the ICO’s guidance on Privacy Impact Assessments and Article 29.
  11. Data Protection Officer (DPO) – designate someone to take responsibility for GDPR compliance and decide how they will sit within the organisation. Establish whether a DPO must be formally appointed.
  12. International – if you process data across borders, determine your lead supervisory authority.

Many behind schedule

As the ICO’s 12 steps demonstrate, significant work is needed to prepare for GDPR. However, according to a recent survey, a quarter of organisations are either still unaware of the regulation, or have not yet begun their preparations.

“It takes anywhere from nine to 12 months for an average organisation to achieve GDPR compliance,” says Anthony Connolly, Strategic Risk Consultant at Zurich.

“With less than eight months now to go, it is a concern that so many organisations remain unprepared for this major change to our data protection laws.”


By CHRIS BATE 18 Jan, 2018

Even the most competent skiers and snowboarders can be involved in collisions or accidents, so Aviva has compiled some advice to help keep people safe on their winter breaks:

  • When selecting winter sports travel insurance, make sure it meets your needs before you buy it. Keep your travel insurance medical emergency helpline number and your policy number to hand.
  • If you've not skied before or you haven't been on the piste for a while, make sure you have a lesson or two.
  • Carry a fully charged mobile phone with you.
  • Don’t drink and ski – one drink with lunch is okay, but too much alcohol will slow down your reactions and impair your observation and balance.
  • Remember to take an EHIC card. It still offers state-provided emergency medical treatment in EEA countries.

For further information on keeping safe on the slopes, visit the FIS (International Ski Federation) website.

In addition, when skiing downhill, you can travel at speeds equivalent to cycle racing – so protective headgear or helmets are highly recommended.

Also, always be aware of your immediate surroundings, and remember: snowboarders and skiers follow different lines down the mountain, so take particular care when you turn.

Always follow all safety guidelines, including those set by the resort, and use the necessary safety equipment.

Bindings

Most leg and knee injuries result from incorrectly adjusted ski bindings. The suitable DIN setting is a complicated equation based on ability, age, height, boots and weight. You will need to know – and be honest – about these, to ensure the bindings are set correctly. Ideally, calculate your own setting and remember it for next time.

Ice

Your skis must be properly tuned, especially in hard-packed snow. The soft snow can eventually get scraped off the lower slopes, especially where artificial snow cannons have been used. This can leave large expanses of ice. Try not to turn on the ice – instead, ski on to the powdered snow beyond it.

Weather

Weather conditions in the mountains can dramatically change within minutes, so you need to be prepared:

  • Good gloves are essential
  • Wear a helmet
  • Several layers of clothing are better than one

In low temperatures, watch out for unnaturally white patches on the faces of anyone skiing with you. These could be signs of primary frostbite. Break often for hot drinks and thaw out with body heat and massage. Never put affected hands or feet on radiators or in hot water.

Off-piste & avalanches

Aviva won’t provide insurance cover for off-piste skiing, unless accompanied by a qualified guide at all times and only in areas that the resort management consider to be safe. Even then, in early snow, watch out for tree stumps and rocks.

Mountains are full of hidden dangers, so they must be respected accordingly. You alone are responsible for your own safety.

Set the highest standard of protection

Give your clients the assurance that their world is protected. Winter Sports cover is included as standard with Aviva Private Clients travel cover, which is perfect for your clients who love to ski or snowboard.

Our Aviva Private Clients travel cover can be added to a Distinct home policy and offers:

  • Cover from the moment your clients book their trip until they return for all their trips up to a maximum trip duration of 90 days.
  • 24-hour helpline with an experienced team on hand to help with:
      • Worldwide medical emergencies and associated expenses (cover up to £10 million)
      • Replacement of lost or stolen travel documents
      • Tracing lost or delayed luggage
  • If your client does need to make a claim, Aviva will deal with it quickly and fairly. Aviva also aims to pay hospital fees direct so your client can receive the treatment required without having to worry about the payment of medical bills.
  • Your clients are welcome to use Aviva's travel assistance helpline before and during their trip away.
  • Cancellation charges are covered up to £15,000.

For more information on Aviva Private Clients, have a look at the Aviva Private Clients Prospectus or contact your Aviva sales manager.

By CHRIS BATE 19 Dec, 2017
By CHRIS BATE 12 Dec, 2017
PREMIUMS FROM £150 plus IPT
By CHRIS BATE 27 Nov, 2017

PLEASE NOTE OUR CHRISTMAS & NEW YEAR OPENING HOURS ARE AS FOLLOWS:


Thursday 21st December 9am – 5.15pm

Friday 22nd December  9.00am – 12.30pm

Saturday 23rd December CLOSED

Sunday 24th December CLOSED

Monday 25th December  CLOSED

Tuesday 26th December  CLOSED

Wednesday 27th December   9.30am – 1.00pm

Thursday 28th December   9.30am – 1.00pm

Friday 29th December   9.30am – 1.00pm

Saturday 30th December CLOSED

Sunday 31st December CLOSED

Monday 1st January   CLOSED

Tuesday 2nd January   9.00am – 5.15pm

By CHRIS BATE 21 Sep, 2017

Please check out our Autumn Risk Management Bulletin which has been produced in conjunction with Insurer Aviva. It covers topics such as Rear End Crashes, Engineering Inspection, Slips Trips & Falls, Patio Heaters, and Escape of Water Claims. Hopefully it will give you some useful advice.

By CHRIS BATE 20 Sep, 2017

The Chancellor of the Exchequer has announced that, effective from 1st June 2017, Insurance Premium Tax (IPT) would rise from 10% to 12%.
