SCOR is ready to implement the European General Data Protection Regulation
December 19, 2017
On May 25, 2018, the European General Data Protection Regulation (GDPR) will come into force. Conscious of the major challenges involved in implementing this regulation, SCOR has been preparing for it for more than a year.
The new authoritative European text on the protection of personal data will come into force on May 25, 2018. Adopted by the European Commission in 2016, the main objective of this text is to “give citizens back control over their personal data, and simplify the regulatory environment for business within the EU”. This reform updates and modernizes the existing framework, adopted in 1995, in the form of a general regulation on data protection.
For European companies, the coming into force of the GDPR has immediate, concrete impacts. In May 2018, these companies will need to have a clear overview of all the data they have collected, and to have implemented (or strengthened) data processing procedures and data security measures. Moreover, the regulation provides for the appointment of a Data Protection Officer (DPO), responsible for the correct application of directives. Failure to comply with the various measures set out in the text may lead to very heavy financial penalties, with a fine of up to 4% of the company’s global turnover.
How is SCOR preparing for this new regulation?
Given the nature of insurance and reinsurance, the impact of the GDPR on this sector is significant. As a global reinsurer, SCOR decided at a very early stage to anticipate these changes by taking a pragmatic approach. Thanks to the Group’s knowledge of risk, which is at the heart of its business, SCOR is at the forefront of personal data protection.
To anticipate the new regulation, SCOR has launched an internal GDPR project structured around 7 major areas – 4 relating to legal and compliance matters, and 3 dealing with the enhancement of data protection. These are:
- An exhaustive personal data processing inventory
- Privacy directives and risk assessment
- A data breach process
- Contract assessment
- Access control
- A retention/archiving strategy
- An encryption feasibility study
To find out more, watch the SCOR video below: