In Focus Risk


UK, data transfer will likely be more complicated as the transfer will be considered outside the EU.


The weakest link

In order for insurance companies to plan and implement effective systems and strategies to comply with the GDPR, the most vulnerable points in the data privacy ecosystem must be identified. Some of the weakest points at which companies can become vulnerable are dealing with companies outside the EU in countries where the level of cyber-security readiness is low, and increasing employees’ awareness of and compliance with these firms’ data protection policies.

The research conducted by Consultancy UK showed that 28% of the European businesses included in the study think that the GDPR made it more difficult to work with non-European companies. Hence, dealing with companies outside the EU can cause a security risk for insurance companies operating in the UK.

In addition, while insurance companies may have their data privacy and security policies in place to comply with the GDPR, employees have access to different types of data, including clients’ data, via multiple devices such as smartphones and other Bring Your Own Devices (BYOD), which can be used for both work and personal-related purposes. Organisations whose employees use mobile devices are exposed to vulnerabilities that could be highly disruptive for their businesses. This means that companies need to re-think their BYOD policies and ensure compliance.




January 2020


Concluding remarks: the way forward

Going forward, we suggest the following:

• Find new and innovative methods to ensure employees’ commitment to keep data safe, such as providing appealing rewards to those who deal with sensitive data externally and keep their devices secure.
• Evaluate internal data governance policies and processes regularly to stay compliant with GDPR and safe from data breach claims and fines.
• Develop training programs and coaching sessions to build employees’ confidence and ability in following GDPR rules and dealing with related security threats.
• Carefully select new technologies and use them in a way that does not threaten data privacy and integrity. Some technologies might provide exciting capabilities for detecting fraud, but they may introduce new types of threats or make GDPR compliance more difficult.
• Initiate GDPR awareness-raising programs for partners, third parties, employees and clients to ensure compliance across the chain.
• Prepare for another phase of changes in GDPR compliance and data security processes which will result from Brexit, whenever it happens.

www.CCRMagazine.com

