GDPR at Zurich

What is GDPR? 

The General Data Protection Regulation, more commonly known as GDPR, is the new EU-wide law which applies directly to all EU member States as at 25 May 2018. Here are some of the key changes in the new regulation:

1. It will apply to all EU member states from 25 May 2018.

2. It applies globally to all organisations processing the personal data of EU subjects and to all EU Member state organisations where they are acting as controllers of that personal data regardless of the location of the data subject.

3. Significant new rights for data subjects including the right to seek compensation and rights to erasure and accurate representation. Here is the full list of individual rights.

4. Significant fines for companies in the event of an infringement of the Regulations of up to €20 million euros or, in the case of an undertaking, 4 percent of annual global turnover.

5. Consent requirements have also been toughened. Organisations will be required to evidence that they have a legitimate basis for processing Personal data or that customers have given their consent. This is to ensure customers have more control over the use of their personal data.

To find out more about the regulation and to assess your own readiness we recommend you visit the Data Protection Commission website to find out more.

Our GDPR programme is well established and will ensure our alignment on regulatory interpretation to enable delivery of GDPR compliance specifically taking care of the individuals rights and freedoms, transparency of our data processing and where applicable carrying out Privacy Impact Assessments.

For more information, read our FAQs.