Keoghs GDPR Update - December 2017

04/12/2017

Background

Keoghs’ programme of works to prepare for the EU General Data Protection Regulation (GDPR)* is well underway and the firm has already taken steps to comply with the spirit of the regulation in advance of it becoming enforceable. We have measures in place to protect the information security of data as well as to adequately protect the personal data managed as part of our operations.

The intention is that this project will ensure Keoghs’ staff, systems and processes are GDPR ready before May 25 2018 when the regulations come into force, having already established an embedded legacy of compliance in the firm’s operational processes, culture and behaviours.

These goals are supported by the executive, and there is a timed strategic plan already in effect to deliver pragmatic readiness for the GDPR.

Project Overview

The GDPR Readiness project has been assigned Priority One status within the business and is actively supported by the Chief Executive Officer (John Whittle), sponsored by the Operations Director (Allison Carr) and owned by the Chief Information Officer (John Salt).

To assist the team above, Keoghs has enlisted the dedicated help and support of a range of consultancy services. This will ensure that the correct expertise and support is in place to provide every opportunity for success, including a dedicated external GDPR Management Consultant who will work within the business to manage and drive the delivery of the project across all business functions.

The project has aligned itself to the ICO’s best practice advice for approaching compliance, but also supplemented this with some best of breed GDPR delivery frameworks.

We have pursued every opportunity to understand the real world risks as they pertain to the services we provide. This includes the Regulation itself (including supplementary advice from the EU Article 29 Working Party and the ICO), balanced with our clients’ interpretations and requirements, wherever relevant.

The high-level project delivery elements have therefore been identified as follows:

  1. Ensure that Keoghs’ systems and operations are compliant with the EU GDPR in advance of May 25 2018
  2. Match the firm's information security against industry best practice and certify where practicable
  3. Create a culture of data protection and privacy by design which is embedded in the way we work, manage and recruit going forward

Progress as of December 2017

Project works have been fully operational since August 2017 with the scoping phase completed in September 2017 followed by the design and planning phases which are due for completion in December 2017.

To date, we have mostly undertaken the supporting and analysis-based works to ensure we understand the risks and can prioritise the longer-term deliverables effectively.

Key actions completed include:

  • 30+ Project Owners and Sponsors appointed across all areas of the business
  • GDPR Gap Analysis undertaken
  • Project scope agreed
  • 3rd Party information security audit carried out
  • Data Protection Officer (DPO) role requirement agreed, and responsibilities defined

With the following works already underway and ongoing:

  • Internal user training and awareness campaign
  • Digital data e-discovery and analysis
  • Dark data identification and remediation
  • Data process mapping
  • Supplier due diligence
  • Client engagement 

We are on schedule to start the delivery phases in December as planned and confidence of success is high.

Keoghs GDPR Statement

Keoghs appreciates the importance of the prudent management of all its data and as such has embraced the EU General Data Protection Regulation (2016/679) as an extension of the UK Data Protection Act (1998). As a firm, Keoghs is taking all steps to ensure compliance with the regulation in advance of 25 May 2018. While there is no official certification of compliance, we are confident from the analysis and work undertaken already that the firm will be able to ensure a suitable level of conformity in line with the regulation and the ICO’s guidance.

As a firm, we commit to keeping our clients and partners up-to-date on our progress as well as making a statement when we believe we have achieved a suitable level of compliance with the regulation.

Further Information

For further information on Keoghs’ GDPR journey, please contact your client account manager or see our dedicated GDPR webpage at https://www.keoghs.co.uk/GDPR for updates.

*The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue based. The General Data Protection Regulation covers all companies that deal with the data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other regulated companies. GDPR will come into effect across the EU on May 25, 2018.

Author

Keoghs
