You are here

The new UK Data Protection Act and the GDPR

Changes in the legislative landscape for the processing of personal data

Twenty years after the first major piece of UK legislation to deal with personal data the UK now has a new focal point for information law: the Data Protection Act (2018).  The Act is the UK’s implementation of the General Data Protection Regulation (GDPR), enshrining it in UK law, clarifying the national derogations and extending data protection laws into areas not covered by the GDPR.  You can find out more about the Data Protection Act via the Information Commissioner's Office (ICO), the information regulator in the UK.

The GDPR brings new rights for individuals and greater responsibilities for organisations that manage personal data.  You can see how the IFoA has responded to these changes via our Privacy Notice and associated policies.  If we process your personal data you can review how we manage your data, how we secure it and how to exercise any of your information rights under the Act.

The principles of the GDPR

There are seven principles under the GDPR:

  • Lawfulness, fairness and transparency: the need to have a lawful basis for processing personal data and to be open with data subjects about how it will be used
  • Purpose limitation: the requirement to specify at the outset the purpose of the processing and safeguards to prevent the use of the data for other purposes without consent
  • Data minimisation: to ensure the data is adequate, relevant and limited to what is necessary for the processing
  • Accuracy: that the data is up to date, and kept that way
  • Storage limitation: the data should only be kept for as long as is necessary, and disposed of according to a set schedule
  • Security: this requires that data is held in conditions where ‘appropriate technical and organisational measures’ are in place
  • Accountability: this reflects the need to evidence compliance and take responsibility for processing data in line with the law

Individual rights

Separate provisions are made for the rights of the individual under the GDPR and the new Data Protection Act:

  • The right to be informed: the provision of clear privacy information at the point of collection
  • The right of access: the data subject's right to obtain a copy of any personal data held in a timely manner
  • The right to rectification: the right to have data corrected or completed
  • The right to erasure: the qualified right to have personal data permanently destroyed
  • The right to restrict processing: the qualified right to have processing of personal data limited or stopped altogether
  • The right to data portability: the right to have a copy of the data in a transferrable format
  • The right to object: the qualified right to have data processing stopped in certain circumstances
  • Rights in relation to automated decision making and profiling: rights around the use of profiiling and the right to challenge automated decision making

Resources and guidance

Following on from our risk alert at the start of 2018 further guidance was given in a specially commissioned event and webinar in London: 'Preparing for the GDPR'.  This session provided an overview of the key elements of the GDPR for an actuarial audience.  For guidance on specific matters relating to the position of data controllers or data processors where information is not available on the ICO website the ICO provide an enquiry service.

Research and further reading

As with any new legislation the GDPR and the 2018 Act will evolve as good practice, regulatory guidance and case law develop.  If you are interested in different perspectives on information privacy law you can sign up for updates from the ICO, or search for papers and articles on the GDPR and related matters.

Clubs and societies

As with the 1998 Act small clubs and societies will require to maintain compliance with the GDPR and the new Act.  Actuarial societies by their nature collect and store personal data and should take advantage of the guidance on the ICO website for small organisations.  The guidance around the 'Right to be informed' provides a template for a revised Privacy Notice, the means by which organisations communicate their approach to the collection and ongoing management of personal data as well as individuals rights in relation to it.  Societies should also be aware of the principles of the Act and the GDPR, in particular around purpose limitation, storage limitation and security.

Filter or search events

Start date
E.g., 09/12/2019
End date
E.g., 09/12/2019

Events calendar

  • The Great Risk Transfer – Breakfast briefing and launch event

    Staple Inn Hall, High Holborn London WC1V 7QJ
    31 January 2019

    Spaces available

    Launch of the IFoA’s 2020 thought leadership campaign The Great Risk Transfer. The campaign will examine the trend of the transfer of risk from institutions to individuals, and how people can be better equipped to manage the financial risks they now face. At this breakfast event the IFoA will launch a call for evidence on this topic.

  • Sessional Meeting - Silent Cyber Assessment Framework

    Staple Inn Hall, High Holborn, London, WC1V 7QJ
    9 December 2019

    Spaces available

    The (re)insurance industry is faced with a growing risk related to the development of information technology (IT). This growth is creating an increasingly digitally interconnected world with more and more dependence being placed on IT systems to manage processes. Note: Registration is from 17.30 in time for the sessional to begin at 18.00.

  • CPD Member Event in Shanghai, China

    Function Room, F39, S1 Fuson Group, the Bund Finance Centre, No.600 Zhongshang East 2nd Road, Huangpu District, Shanghai Chinese address:BFC外滩国际金融金融中心,S1复星集团,39层报告厅,上海中山东二路600号
    9 December 2019

    Spaces available

    The IFoA’s President-elect Tan Suee Chieh will visit Shanghai. We will host CPD and Awards Presenting event on Monday 9 December 2019. The event is part of Mr Tan’s first presidential trip to China.

  • Professional Skills Training - London (10 December 2019)

    Staple Inn, High Holborn, London WC1V 7QJ  
    10 December 2019

    Spaces available

    This event will be of interest to students and recently qualified actuaries.

    A 2 hour CPD event designed to meet the IFoA’s Stage 3 Professional Skills Training under the IFoA’s CPD Scheme 2019/2020.  The content and discussion at this session is particularly tailored to actuarial students and newly qualified actuaries working in any area and the format is interactive, so you should come along prepared to take part in the discussions with your peers.

  • IFoA Joint Member Event with the Sunshine Insurance Group, Beijing China

    Room TBC, Kuntai International Plaza, No.12, Chaowai Street, Chaoyang District, Beijing 地址:会议室待定,北京市朝阳区朝外大街乙12号1号楼昆泰国际大厦
    12 December 2019

    Spaces available

    The IFoA’s President-elect Tan Suee Chieh will visit Beijing. We will co-host CPD and Awards Presenting event with the Sunshine Insurance Group on Thursday 12 December 2019. The event is part of Mr Tan’s first presidential trip to China.

  • ARC Sessional Research Event: Drivers of Mortality - Risk Factors and Inequality

    Staple Inn Hall, High Holborn, London, WC1V 7QJ
    6 January 2020

    Spaces available

    The authors will focus on a large dataset obtained from the UK’s Office for National Statistics (ONS) and related sources. Data are available at the level of Lower Super Output Areas (LSOAs) – small geographical areas with, typically, 1000-2000 residents and include death counts, exposures and a significant number of socio-economic variables including the index of multiple deprivation (IMD).

  • SIAS Event: My Journey to Data Science, Big Data and AI

    Staple Inn Hall, High Holborn, London, WC1V 7QJ
    7 January 2020

    Spaces available

    Patrick Lee is an actuary who has made the transition to working in software architecture and artificial intelligence (AI). He holds Microsoft Professional qualifications in Data Science, Big Data and AI and is currently working towards a DevOps (the automation of software testing and deployment) qualification. He is a member of the IFoA Council and is also President of the Wessex Actuarial Society. He is also a member of the IFoA and the RSS's joint Data Science Focus Group and will talk on the ethical use of AI. 

  • Spaces available

    This presentation covers the detail for how the matching adjustment is calculated. A small simple example spreadsheet is provided and discussed in detail.

    For actuaries wanting to get more involved with the matching adjustment, this is the opportunity to get a detailed description of the mechanics involved. This includes cashflows derisking, PRA tests as well as hypothecation.

    The presentation is provided by James Sharpe who has worked on a number of matching adjustment calculations with several firms.

  • IFoA Volunteer Recognition Reception

    Staple Inn, 4 High Holborn, Holborn, London WC1V 6DR, UK
    15 January 2020

    Spaces available

    As a thank you to all our Institute and Faculty of Actuaries (IFoA) volunteers, you are invited to join us at Staple Inn Hall, for an evening of drinks, canapes and networking, in London.

    IFoA President, John Taylor, will be attending and will make a speech

    If you support the IFoA as a volunteer (member or non-member), or in any other role, and you are going to be in London on 15 January, please book your place and join us at this reception.

     

  • Sessional Meeting - Operational Risk Dependencies

    Royal College of Physicians of Edinburgh 9 Queen St Edinburgh EH2 1JQ
    20 January 2020

    Spaces available

    The Operational Risk Working Party aims to assist actuaries and others in the modelling and management of operational risk. One of the key challenges in modelling operational risk is the modelling of dependencies between operational risks, and between operational and non-operational risks such as market, credit and insurance risk. Their paper seeks to assist in this regard, and help develop good practice in setting assumptions and modelling operational risk dependencies. 

  • KSS event in Glasgow: Public Sector Pensions

    Hymans Robertson, Glasgow 20 Waterloo St, Glasgow
    30 January 2020

    Spaces available

    – the unappreciated key assumption, the resulting unsustainable promises, the unmanaged risk and the unrecognised debt? 

    Speaker: Allan Martin will present this talk on 30 January in Glasgow, Stirling and Edinburgh. If you wish to register for another location please return to the Events Calendar.

  • KSS event in Stirling: Public Sector Pensions

    M&G Prudential, Stirling Craigforth Campus, Stirling
    30 January 2020

    Spaces available

    – the unappreciated key assumption, the resulting unsustainable promises, the unmanaged risk and the unrecognised debt? 

    Speaker: Allan Martin will present this talk on 30 January in Glasgow, Stirling and Edinburgh. If you wish to register for another location please return to the Events Calendar.

  • KSS event in Edinburgh: Public Sector Pensions

    Hymans Robertson 1, Exchange Place, Semple St, Edinburgh
    30 January 2020

    Spaces available

    – the unappreciated key assumption, the resulting unsustainable promises, the unmanaged risk and the unrecognised debt? 

    Speaker: Allan Martin will present this talk on 30 January in Glasgow, Stirling and Edinburgh. If you wish to register for another location please return to the Events Calendar.

  • Professional Skills Training - London (11 February 2020)

    Staple Inn, High Holborn, London WC1V 7QJ         
    11 February 2020

    Spaces available

    A Trusted Profession

    A 2 hour CPD event designed to meet the IFoA’s Stage 3 Professional Skills Training under the IFoA’s CPD Scheme 2019/2020This session is suitable for actuaries working in any area (i.e. it is not specifically aimed at Pensions, GI or any other technical discipline) and is interactive, so you should come along prepared to take part in the discussions.

  • Sessional: Impact of E-cigarettes Working Party

    Royal College of Physicians, 9 Queen St, Edinburgh EH2 1JQ
    24 February 2020

    Spaces available

    This sessional meeting will be of direct interest to actuaries and others working in the in the Health and Care, Life or Pensions sectors or indeed actuaries with an interest in morbidity or mortality. Note: Registration is from 17.30 in time for the sessional to begin at 18.00.

  • Professional Skills Training - Edinburgh (25 February 2020)

    IFoA (Edinburgh), Level 2, Exchange Crescent 7 Conference Square Edinburgh EH3 8RA
    25 February 2020

    Spaces available

    A Trusted Profession

    A 2 hour CPD event designed to meet the IFoA’s Stage 3 Professional Skills Training under the IFoA’s CPD Scheme 2019/2020This session is suitable for actuaries working in any area (i.e. it is not specifically aimed at Pensions, GI or any other technical discipline) and is interactive, so you should come along prepared to take part in the discussions.

  • Spring Lecture 2020, Edinburgh - Vicky Pryce

    Assembly Rooms, 54 George St, Edinburgh EH2 2LR
    25 March 2020

    Spaces available

    What next in Economic Policy?

    Please join us on 25 March 2020 for our annual Spring Lecture presented by Vicky Pryce in Edinburgh. 

  • IFoA Asia Conference 2020, Kuala Lumpur

    CCEC Nexus, 7, Jalan Kerinchi, Bangsar South, 59200 Kuala Lumpur, Wilayah Persekutuan Kuala Lumpur, Malaysia
    24-25 June 2020
    Spaces available

    The sixth annual Asia Conference once again offers a prestigious line-up of home and international speakers discussing the insurance and financial industry’s innovation and change in Asia. This year's conference in Kuala Lumpur will be hosted by Tan Suee Chieh, IFoA’s first Asian President. He will also make his Presidential address at this conference and will expand on the important elements of IFoA’s new strategy. 

    Additionally, this landmark conference will showcase how the IFoA is reinventing itself to support its members to succeed and thrive in a digital age, within traditional businesses and beyond, as a global organisation. 

    Not to be missed by international industry players, opinion formers, academic and industry leaders, actuaries and non-actuaries.