Sectors

Finance and Insurance

The GDPR adds further complexity to the already heavily regulated financial services and insurance sector. Many of the GDPR's requirements are complementary to existing legislation, but special attention must be paid to personal data protection.


Finance and insurance companies often process large volumes of personal data, much of it sensitive in nature.

Particular attention must be paid to ensuring that it is used only for the intended purpose, that it is shared only in a controlled way, and that it is retained and disposed of appropriately and in a timely fashion.


The use of data for profiling and automated decision making is also strictly regulated under the GDPR.

Retail & eCommerce


Technology and data protection have had a significant impact on both traditional bricks & mortar and eCommerce retailers.


The Privacy and Electronic Communications Regulations (PECR), along with the GDPR, mean that all retailers must pay special attention to maintaining their sales and marketing databases, recording consent, and managing data retention and disposal.


Multi-site retail chains often have different systems in different stores, many of them paper-based, and should consider data minimisation techniques to ensure they don't hold unnecessary data. Staff training across stores is often needed to ensure all employees understand their responsibilities with regard to data protection.

Medical and Healthcare

The GDPR imposes legal obligations on medical and healthcare organisations around how they must manage and process personal data.


The new legislation complements the NHS Data Security and Protection Toolkit (DSPT) and the requirements for Caldicott Guardians. It gives the Information Commissioner's Office (ICO) powers to impose significant financial penalties for non-compliance.

This, along with the increased focus on data collection and developments in AI for healthcare, is making robust personal data protection practices essential.