The implications of GDPR for captives
From: Commercial Risk Online, May 3, 2018
The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will harmonise data protection rules across the European Union. As well as introducing new requirements around data breach notification, the GDPR also imposes potentially large fines on companies found to be in breach of certain requirements of the Regulation. Owen Williams, manager of XL Catlin’s Captive Centre of Excellence, and Geraldine Henbest, group data protection officer at XL Catlin, discuss the implications for captives and what risk managers should be aware of when the rules come into effect.
Q. What are the main elements of the GDPR that risk managers should be aware of?
Geraldine Henbest: The GDPR generally applies to any organisation established in the EU (acting as a data controller or data processor) regardless of whether the data is processed in the EU, as well as any organisation not established in the EU where the organisation is offering goods and/or services to EU citizens or monitoring their behaviour as far as it takes place within the Union.