
The new UK Data Protection Act and the GDPR

Changes in the legislative landscape for the processing of personal data

Twenty years after the first major piece of UK legislation to deal with personal data, the UK now has a new focal point for information law: the Data Protection Act (2018). The Act is the UK's implementation of the General Data Protection Regulation (GDPR), enshrining it in UK law, clarifying the national derogations and extending data protection laws into areas not covered by the GDPR. You can find out more about the Data Protection Act via the Information Commissioner's Office (ICO), the information regulator in the UK.

The GDPR brings new rights for individuals and greater responsibilities for organisations that manage personal data. You can see how the IFoA has responded to these changes via our Privacy Notice and associated policies. If we process your personal data, you can review how we manage your data, how we secure it and how to exercise any of your information rights under the Act.

The principles of the GDPR

There are seven principles under the GDPR:

  • Lawfulness, fairness and transparency: the need to have a lawful basis for processing personal data and to be open with data subjects about how it will be used
  • Purpose limitation: the requirement to specify at the outset the purpose of the processing and safeguards to prevent the use of the data for other purposes without consent
  • Data minimisation: to ensure the data is adequate, relevant and limited to what is necessary for the processing
  • Accuracy: that the data is up to date, and kept that way
  • Storage limitation: the data should only be kept for as long as is necessary, and disposed of according to a set schedule
  • Security: this requires that data is held in conditions where ‘appropriate technical and organisational measures’ are in place
  • Accountability: this reflects the need to evidence compliance and take responsibility for processing data in line with the law

Individual rights

Separate provisions are made for the rights of the individual under the GDPR and the new Data Protection Act:

  • The right to be informed: the provision of clear privacy information at the point of collection
  • The right of access: the data subject's right to obtain a copy of any personal data held in a timely manner
  • The right to rectification: the right to have data corrected or completed
  • The right to erasure: the qualified right to have personal data permanently destroyed
  • The right to restrict processing: the qualified right to have processing of personal data limited or stopped altogether
  • The right to data portability: the right to have a copy of the data in a transferable format
  • The right to object: the qualified right to have data processing stopped in certain circumstances
  • Rights in relation to automated decision making and profiling: rights around the use of profiling and the right to challenge automated decision making

Resources and guidance

Following on from our risk alert at the start of 2018, further guidance was given in a specially commissioned event and webinar in London: 'Preparing for the GDPR'. This session provided an overview of the key elements of the GDPR for an actuarial audience. For guidance on specific matters relating to the position of data controllers or data processors, where information is not available on the ICO website, the ICO provide an enquiry service.

Research and further reading

As with any new legislation, the GDPR and the 2018 Act will evolve as good practice, regulatory guidance and case law develop. If you are interested in different perspectives on information privacy law, you can sign up for updates from the ICO, or search for papers and articles on the GDPR and related matters.

Clubs and societies

As with the 1998 Act, small clubs and societies will need to maintain compliance with the GDPR and the new Act. Actuarial societies by their nature collect and store personal data and should take advantage of the guidance on the ICO website for small organisations. The guidance around the 'Right to be informed' provides a template for a revised Privacy Notice, the means by which organisations communicate their approach to the collection and ongoing management of personal data, as well as individuals' rights in relation to it. Societies should also be aware of the principles of the Act and the GDPR, in particular around purpose limitation, storage limitation and security.
