Large parts of the industry have not made adequate plans for the new regulation in May

This is our most confident prediction for the year. Whilst some companies within the insurance sector have made good progress towards GDPR compliance, we know that there are large parts of the industry that have not made adequate plans for compliance with the new Regulation by May 2018.

Whilst many businesses within the insurance sector will miss the May deadline, it is never too late to start a GDPR compliance project. Confusion on how to tackle GDPR, compounded by poor advice from unqualified consultants, has led to the industry's slow progress towards GDPR compliance. But, in reality, it should be possible for the sector to properly grasp the important task of getting GDPR compliant through: (1) having a good understanding of its core business, (2) obtaining an overall picture of how the sector collects and uses personal data and (3) then analysing how the sector uses personal data against an article by article understanding of GDPR. This approach should set the industry on the right path to compliance with the biggest change in data protection laws in more than a generation – with the penalties for failing to comply too large for the industry as a whole to ignore.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.