GDPR Frequently Asked Questions
- What is personal data?
- What is "sensitive data"?
- What is GDPR and when does it come into effect?
- Who does the GDPR affect?
- Why is GDPR important?
- What are the penalties for non-compliance?
- For which purpose do insurers need data?
- What is the difference between a data processor and a data controller?
- What rights will individuals have under GDPR?
- Does Liberty share my personal information?
- How secure and confidential is my personal data?
- Where do I get more information?
What is personal data?
Personal data is any information that can identify a living individual, directly or indirectly. It can be anything from a name, a photo, a registration number, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
What is "sensitive data"?
Sensitive personal data consists of information on an individual which is of a private nature and may lead to discrimination. GDPR provides more stringent protections for sensitive data than for other types of personal data. Sensitive data includes health and conviction data, as well as genetic and biometric data.
What is GDPR and when does it come into effect?
GDPR stands for General Data Protection Regulation, the new European Union Regulation that applies across the EU. It comes into effect on 25 May 2018 and will bring in significant changes to current data protection laws in the European Union.
Who does the GDPR affect?
It applies to all companies processing and controlling the personal data of data subjects residing in the European Union, regardless of the company’s location.
Why is GDPR important?
GDPR will replace the existing data protection act, as data is now used very differently. For example, the use of the internet and social media has transformed how we interact with data. GDPR seeks to improve trust in this emerging digital age by giving people greater control and rights over their personal data.
What are the penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. This is the maximum fine that can be imposed for the most serious infringements.
For which purpose do insurers need data?
There are a number of reasons why Liberty collects and uses personal information, including:
- To process your applications
- To help administer your products and services
- To ensure we provide you with the best service possible
- To prevent unauthorised access to your accounts
- To meet our legal and regulatory obligations
You can find out more about how Liberty uses your personal data in Sections 3, 4 and 5 of the Data Protection Notice.
What is the difference between a data processor and a data controller?
A “Data Controller” is the individual or the legal person who controls and is responsible for the keeping and use of personal data on computer or in structured manual files. If you hold or process personal data, but do not exercise responsibility for or control over the personal data, then you are a “Data Processor”.
What about Data Subjects under the age of 13?
Parental consent will be required to process the personal data of children under the age of 13 for online services.
What rights will individuals have under GDPR?
The new law will give individuals greater control over their data by setting out additional and more clearly defined rights for individuals whose personal data is collected and processed by Liberty.
There are 8 fundamental rights of individuals under GDPR. These are:
- The right to be informed - Liberty must be completely transparent in how it uses personal data.
- The right of access - Individuals will have the right to know exactly what information is held about them and how it is processed.
- The right of rectification - Individuals will be entitled to have personal data rectified if it is inaccurate or incomplete.
- The right to erasure - Also known as 'the right to be forgotten', this refers to an individual's right to have their personal data deleted or removed without the need for a specific reason as to why they wish to discontinue.
- The right to restrict processing - Refers to an individual's right to block or suppress processing of their personal data.
- The right to data portability - This allows individuals to retain and reuse their personal data for their own purpose.
- The right to object - In certain circumstances, individuals are entitled to object to their personal data being used. This includes cases where a company uses personal data for the purpose of direct marketing, scientific and historical research, or for the performance of a task in the public interest.
- Rights of automated decision making and profiling - The GDPR has put in place safeguards to protect individuals against the risk that a potentially damaging decision is made without human intervention. For example, individuals can choose not to be the subject of a decision where the consequence has a legal bearing on them, or is based on automated processing.
To find out more about your privacy rights, please see Section 9 of the Data Protection Notice.
Does Liberty share my personal information?
At times, we need to share your personal data with trusted third parties who perform important functions for us. For example, we use third parties to help us address fraud and security issues. We are also required to cooperate with Irish and EU regulatory and enforcement bodies.
You can find out more about why we share personal data in Section 5 of the Data Protection Notice.
How secure and confidential is my personal data?
The protection and security of your personal data is of the highest importance to us. We use a variety of technologies and procedures to help secure your personal data from unauthorised access, use or disclosure. Our Data Protection Notice outlines how we do this in more detail.
Where do I get more information?
You can download our Data Protection Notice or request a copy by emailing firstname.lastname@example.org or calling 1890 89 1890. A Data Protection Notice is a document that every company that processes personal data must produce and make available; it explains how we manage your personal data. We have appointed a Data Protection Officer ('DPO') who can answer any of your data queries or concerns. You can contact our DPO by post: Data Protection Officer, Liberty Insurance, Dublin Road, Cavan, Co. Cavan; by telephone: 01 553 4229; or by email: DataProtectionOfficer@libertyinsurance.ie
If you would like to learn more about GDPR, please visit www.gdprandyou.ie.