You are here

The new UK Data Protection Act and the GDPR

Changes in the legislative landscape for the processing of personal data

Twenty years after the first major piece of UK legislation to deal with personal data the UK now has a new focal point for information law: the Data Protection Act (2018).  The Act is the UK’s implementation of the General Data Protection Regulation (GDPR), enshrining it in UK law, clarifying the national derogations and extending data protection laws into areas not covered by the GDPR.  You can find out more about the Data Protection Act via the Information Commissioner's Office (ICO), the information regulator in the UK.

The GDPR brings new rights for individuals and greater responsibilities for organisations that manage personal data.  You can see how the IFoA has responded to these changes via our Privacy Notice and associated policies.  If we process your personal data you can review how we manage your data, how we secure it and how to exercise any of your information rights under the Act.

The principles of the GDPR

There are seven principles under the GDPR:

  • Lawfulness, fairness and transparency: the need to have a lawful basis for processing personal data and to be open with data subjects about how it will be used
  • Purpose limitation: the requirement to specify at the outset the purpose of the processing and safeguards to prevent the use of the data for other purposes without consent
  • Data minimisation: to ensure the data is adequate, relevant and limited to what is necessary for the processing
  • Accuracy: that the data is up to date, and kept that way
  • Storage limitation: the data should only be kept for as long as is necessary, and disposed of according to a set schedule
  • Security: this requires that data is held in conditions where ‘appropriate technical and organisational measures’ are in place
  • Accountability: this reflects the need to evidence compliance and take responsibility for processing data in line with the law

Individual rights

Separate provisions are made for the rights of the individual under the GDPR and the new Data Protection Act:

  • The right to be informed: the provision of clear privacy information at the point of collection
  • The right of access: the data subject's right to obtain a copy of any personal data held in a timely manner
  • The right to rectification: the right to have data corrected or completed
  • The right to erasure: the qualified right to have personal data permanently destroyed
  • The right to restrict processing: the qualified right to have processing of personal data limited or stopped altogether
  • The right to data portability: the right to have a copy of the data in a transferrable format
  • The right to object: the qualified right to have data processing stopped in certain circumstances
  • Rights in relation to automated decision making and profiling: rights around the use of profiiling and the right to challenge automated decision making

Resources and guidance

Following on from our risk alert at the start of 2018 further guidance was given in a specially commissioned event and webinar in London: 'Preparing for the GDPR'.  This session provided an overview of the key elements of the GDPR for an actuarial audience.  For guidance on specific matters relating to the position of data controllers or data processors where information is not available on the ICO website the ICO provide an enquiry service.

Research and further reading

As with any new legislation the GDPR and the 2018 Act will evolve as good practice, regulatory guidance and case law develop.  If you are interested in different perspectives on information privacy law you can sign up for updates from the ICO, or search for papers and articles on the GDPR and related matters.

Clubs and societies

As with the 1998 Act small clubs and societies will require to maintain compliance with the GDPR and the new Act.  Actuarial societies by their nature collect and store personal data and should take advantage of the guidance on the ICO website for small organisations.  The guidance around the 'Right to be informed' provides a template for a revised Privacy Notice, the means by which organisations communicate their approach to the collection and ongoing management of personal data as well as individuals rights in relation to it.  Societies should also be aware of the principles of the Act and the GDPR, in particular around purpose limitation, storage limitation and security.

Filter or search events

Start date
E.g., 15/07/2020
End date
E.g., 15/07/2020

Events calendar

  • Current Issues in Life Assurance (CILA) Webinar series

    Webinar Series
    15 July 2020 - 3 August 2020

    Spaces available

    CILA is one of the pre-eminent events in the annual 'Life' calendar. Due to COVID-19 we are running the programme as a series of webinars covering topics aimed at practicing life actuaries from life offices, consulting firms and other employers of actuaries and those who work in or advise on, the life assurance market in the UK and Europe.

  • Spaces available

    Current Issues in Life Assurance - For annuity writers, a key challenge is the need to fund capital-consumptive new business strain (NBS) as a consequence of writing the business intended to fund future distributions. Reinsurance, investment strategy and capital provision all have roles to play which we will investigate in this webinar

  • Spaces available

    Current Issues in Life Assurance – Mortality in 2020 is now dominated by one thing, although – in our future-focused world – the pandemic is just one of many mortality considerations.  In this session, three well-regarded mortality/longevity specialists provide an overview of implications and impacts of COVID-19, recent and imminent CMI developments and more 'future focused' work in the MRSC

  • Spaces available

    Because of Covid-19, forecasters predict a severe recession in 2020, followed by a V or U-shaped recovery. This impacts both individuals and companies. However, compared to previous recessions, the impact on banks of higher credit losses should be mitigated to some extent by government actions. 

  • Spaces available

    Part of the Protection, Health and Care Conference 2020 webinar series

    This session will provide an overview of the Population Health Management Working Party's research including defining impactability and impactability modelling, discussing some examples of specific modelling approaches, considering the practical challenges across the NHS as well as wider public perception and ethical issues.

  • Spaces available

    Many actuaries consider career opportunities in the Finance and Investment practice area after having started off in more traditional actuarial roles such as valuations, capital management or pricing. This session is aimed at helping actuaries to better understand roles in Finance and Investment and how they can fine tune their skills to pursue such careers.

  • Mortality and Longevity Webinar Series 2020

    Webinar Series
    22 July 2020 - 10 August 2020

    Spaces available

    Due to COVID-19, we are running this programme via a series of webinars commencing 22nd July.

    This webinar series will provide topical and practical updates and discussion on the latest thinking and innovations in mortality and longevity, and is designed to be very accessible to a broad range of experience.

     

  • Spaces available

    Insurers are making increasing use of medical research to help with assumption, models and underwriting. Experienced mortality/ longevity specialists discuss the issues in the interpretation of  medical research papers, using a range of case studies. The case studies will include COVID-19 points of current importance. Many of the concepts discussed (data bias, inference of causation) are also applicable to equivalent questions in 'big data' and advanced analytics.

  • Spaces available

    Members of the Mortality Working Group of the IAA have analysed changes in mortality for about 30 causes of death  and will discuss how causes of death are classified, and the problems of long-term data, appropriate metrics, including "years of life lost" (YLL), causes of death - a "measure of cohortness", the changes in dominant causes of death at older ages, and how can these types of studies enhance mortality forecasting.

  • Spaces available

    Predictive risk assessment and risk stratification models based on postcode-level consumer classification are widely used for life insurance underwriting. However, these are socio-economic models not directly related to health information. Similar to precision medicine, precision life insurance should aim to tailor policy pricing/reserving to the individual health characteristics of each client.

  • Spaces available

    This discussion, the fourth in the Extreme Mortality Events webinar series, will look at what poor model selection and calibration could look like – using inappropriate historical data; using incorrect 2020 mortality data; and inappropriate stochastic model recalibration (or lack thereof). Presented by Chair of the Life Board of the Institute and Faculty of Actuaries, Colin Dutkiewicz. 

  • Spaces available

    This webinar has been re-scheduled from its original date of the 1st July. Although ESG has many buyers across the asset allocation community, from pension funds to sovereign wealth funds, it still hasn’t found its place within the core asset management strategy desks where the money is actually invested. The problem as well as the opportunity is Fixed Income. Plenty of strategies exist for incorporating ESG within Equities, from screening, integration to a combination. ESG has picked up relatively quickly within Equities with rating,indices created using ESG factors. This talk will discuss how we price a quantifiable ESG credit risk premium and make it alpha worthy in a strategy. 

  • Spaces available

    Part of the Protection, Health and Care Conference 2020 webinar series

    With the rising prevalence of dementia, how can we manage this risk effectively and can insurance do more? Matt Singleton, Ageing Lead at Swiss Re, will cover these topics and demonstrate how insurance could help people address their concerns.

  • Spaces available

    Current Issues in Life Assurance – Join us for an exploration session on the use of data science in insurance companies today including how insurers are making sense of and using new data sources and technologies, exploration of practical applications of data science within actuarial work, benefits of data-driven decisions to solve business problems using the power of data and technology, and the role that actuaries can play to harness the benefits of data science.

     

  • Spaces available

    Current Issues in Life Assurance

    This talk will look at a range of such techniques (e.g. mass lapse risk transfer, contract boundaries, risk margin relief, non-standard longevity risk transfer) that have been applied or considered by UK and EU insurers, and the pros and cons of each.

     

  • Spaces available

    Current Issues in Life Assurance.

    The International Association of Insurance Supervisors announced on 14 November 2019 the adoption of v2.0 of the global Insurance Capital Standard (ICS) which will undergo confidential reporting for 5 years starting from 2020. This session will include specific experiences from Legal and General (L&G) as well as global industry perspectives from EY.

  • Spaces available

    Current Issues in Life Assurance

    This session will cover the PRA supervisory statement on financial impacts related to climate change, industry insights into PRA climate risk business plans, examples climate risk strategy setting out key workstreams and activity steps for successful execution, an overview of a climate risk strategy execution timeline and the future.     

  • Spaces available

    Part of the Protection, Health and Care Conference 2020 webinar series. Using new and unique research and data from the UK, US, Sweden and China, this presentation investigates how consumers use the internet through their insurance journey and analyzes the role culture and generation plays in their online behaviour. We use this research to show the online landscape for insurance sales in the UK and suggest ways to shape new products and effectively engage with the consumer who is buying them.

  • Spaces available

    Chief Medical Officer (CMO) for Gen Re Life/Health Research and Development, Dr John O'Brien, will discuss the impacts of Gene Modification for life/health insurance. 

  • Spaces available

    As an industry, it has been important to be able to look to the future to identify the next quantifiable risk. In this session, I will explore some of the less tangible, but none-the-less concerning risks to future health, such as the health risks associated with exposure to pesticides, ingestion of plastic in the food chain, and the hazards of indoor air pollution through exposure to volatile organic compounds.

  • Spaces available

    The working party will help the industry to update and enhance how potential risk from diabetes and excess mortality is considered, including the need to understand the underwriting implications as treatments improve, and potentially to develop new products that are tailored to those with diabetes.

  • Spaces available

    Part of the Protection, Health and Care Conference 2020 webinar series. Modelling the structure and trends of cancer morbidity risk is important for pricing and reserving in related health insurance fields such as critical illness insurance and care provision. We model the dynamics of cancer incidence over time in different regions in England, using 1981-2016 ONS data. The modelling allows estimation of cancer rates at various age, year, gender and region levels, following a Bayesian setting to account for statistical uncertainty. Our analysis indicates significant regional variation in cancer incidence rates. 

  • Spaces available

    Part of the Protection, Health and Care Conference 2020 webinar series. In this talk we will outline the steps Aviva took in pulling together our first large-scale disclosures on the exposure of our business to climate change published in March 2019; in line with the recommendations of the Taskforce on Climate-related Financial Disclosures. After touching on why insurers have such an important role in climate change, we'll cover a brief “how-to” guide for those who have not yet embarked on thinking about these topics before giving a case study of how the learnings from a TCFD disclosure exercise can be applied to investment portfolios.

  • Spaces available

    Part of the Protection, Health and Care Conference 2020 webinar series. 

    The insurance industry currently underwrites customers with diabetes based on a range of factors, medical expertise and various medical studies. The work undertaken by the Diabetes Working Party would help the industry to approach this using current research findings to update and enhance how potential risk from diabetes is considered. This includes the need to understand the underwriting implications as treatments improve, and potentially to develop new products that are tailored to those with diabetes. This webinar will present our latest findings in the management of this important chronic condition which will include research in collaboration with the ARC.