GDPR looks set to become the most used acronym of 2018 and by all accounts, this will be well before it comes into effect on 25th May this year.

Without becoming too entrenched in the detail, GDPR (or General Data Protection Regulation) will replace the Data Protection Act of the mid-90s. It will place greater obligations on how organisations store, handle and process data, with greater emphasis on what consent has been provided and how it is documented. This applies both to external data, such as customer information, and internal data, such as employee information.

There is a set of guidelines that organisations must follow, and one thing you can be sure of is that failing to act is not an option. Furthermore, if you are wondering ‘what will happen after Brexit’, then wonder no more: while GDPR is a Directive for the EU, the larger part of it is being adopted by domestic legislation and will apply when the UK has finally negotiated its departure.

It is yet to be seen how effective the change will be, but there is no question that protection of data is seen as sacrosanct and the maximum legal penalties are eye-watering: up to 4% of turnover or €20M.

Organisations’ risk registers should consider the implications of a data breach including: who needs to be notified and by when, the practicalities of undertaking this within the required timescales, and the possible costs involved with notification (typically £50-£150 per record, depending on the type of data breached).

It is also important that organisations understand that a poorly handled data breach can bring a potentially greater loss, in addition to the costs already mentioned: the reputational damage they and their brand may suffer.

Insurers have responded by providing policies which can help if things go wrong, but this is a fast-moving area of insurance and (as ever) it is important to check the small print.

Spring is fast approaching and in theory organisations have had two years to prepare. If it hasn’t yet been done, now is the time to carry out an audit to review what personal data is held by you and why. Make sure the key people within your organisation are aware of the changes and the implications they could have.

Zach Gray is the Commercial Director at D E Ford Insurance Brokers, providing bespoke insurance packages including solutions to protect reputational risk for businesses and charitable organisations.
