Should You Worry about the GDPR?

June 6, 2018
10:10 AM

Undoubtedly you’ve received updated privacy terms and conditions in recent weeks from companies with which you interact (from banks to social networking sites). The revisions address the way companies slice and dice your personal information and web-surfing habits and what you can do about it. The catalyst? The General Data Protection Regulation (GDPR), a European regulation that took effect in May 2018.

Although it’s a European regulation, the influx of related messages has driven sudden interest within the independent agency community about whether the regulation applies. The short answer is: It depends (but probably not).

WHO DOES THE GDPR AFFECT?
The GDPR does not look at where the business collecting the information is located, but at where the individuals whose personal data is processed and held are located. In other words, if you’re not collecting information from European residents – and the vast majority of our members aren’t – this will not apply to you.

Very large brokers with an international reach will be impacted by the sheer nature of their operations, because they are selling to European customers in Europe, or because they cover European customers from the United States. The penalties for non-compliance, while tiered, are hefty enough to get any impacted company’s attention.

WHEN SHOULD YOU WORRY ABOUT GDPR?
If some of your customers have European exposures that make their way into your insurance programs, you may need to revisit your obligations and incorporate compliance with GDPR. Those customers should as well.

BOTTOM LINE: Even if GDPR doesn’t apply to you, you should focus on the privacy regulations that do: the privacy regulation’s Written Information Security Program, HIPAA’s Security Rule, state data breach notification requirements, and, if you hold a non-resident license in New York, the N.Y. Cybersecurity Rule. (Note that other states will likely join New York in adopting a cybersecurity rule of their own – South Carolina just opened the first salvo – and non-resident licensees should expect to be impacted.)

Read more on GDPR

Review our state-specific cheat-sheets with privacy laws and regulations that can impact agents:
Pennsylvania 
Maryland 
Delaware