The General Data Protection Regulation — better known as GDPR — which gives citizens of the European Union (EU) more rights to control their personal information comes into effect today and Lloyd’s, over the last 18 months, has been working to prepare for the new rules.
The Corporation of Lloyd’s has access to many different forms and sources of personal data, ranging from information that may be provided within a policyholder complaint, third party supplier contracts and our own employees’ information.
In the run up to GDPR, we have been reviewing all of our data processes and contracts to identify the lawful basis for having personal information and, like many other companies, have issued privacy notices. We have reviewed our contractual arrangements with suppliers and other third parties, and these are being updated where required. Each area of the Corporation, which may use any form of personal data, has updated processes which are GDPR compliant.
We have also ensured that all activity under the London Market Group (LMG) Target Operating Model (TOM) programme (TOM GDPR readiness statement) and companies such as The Message Exchange Limited (TMEL) and Structured Data Capture (SDC) are compliant.
All employees, contractors and consultants working for the Corporation have completed our mandatory training, which includes an online module also available to Lloyd’s market participants via Lloyds.com.
We have previously issued advice via the Lloyd's Minimum Standards about the expectations which managing agents need to comply with and, from today, any information that market participants share with different areas of the Lloyd’s Corporation will be covered by our updated privacy policies.
If you have a questions about how we have implemented GDPR within Lloyd’s please contact our Data Protection Officer at Data.Protection@lloyds.com.