Listen again to our GDPR webinar
Did you miss our GDPR: Supporting your voyage to compliance webinar which took place on Thursday 8 March? If you couldn't make it you can listen again using the link below.
As we enter a busy period of regulatory change we will be providing you with a monthly bulletin. Our first bulletin for March 2018 covers GDPR, IDD and Brexit.
The bulletins will provide you with general updates and information, along with actions you will need to undertake as a third party relation of Hiscox.
The General Data Protection Regulation (GDPR) is a new law relating to personal data, which will come into force on 25th May 2018. It will replace the UK’s Data Protection Act, and similar legislation across the European Union.
For more information on the GDPR and what you need to do to ensure you are compliant, visit the ICO website.
We are making some changes that will impact you regarding contract changes, fair processing notice website changes and data transfers. Please ensure you read about these changes and take note of the recommended actions you need to take.
Action: Ensure you read and confirm your acceptance to contract changes.
Action: For websites managed by Hiscox, brokers will need to provide the updated privacy notice to Hiscox as soon as possible to enable the website to be updated in time for 25th May 2018.
One of the risks that you may already be thinking about is the risk of breach when you are transferring personal information regarding a client or potential client to Hiscox.
It is easier to think of how we exchange data in the following three pockets of activity:
Personal data
Hiscox protects its emails, both inbound and outbound, by using what is called ‘Transport Layer Security’, or TLS. This is convenient for everyone as all the protection happens in the background without you having to do anything special. However, the level of security does depend on the receiving server, so encryption cannot be guaranteed unless it is enforced. Where it is supported, enforced TLS can be adopted by both yourself and Hiscox, which will guarantee encryption every time. Provided TLS is supported by your email servers, this is quick and easy to implement.
Action: Contact Fran Varley at uk&[email protected] with the subject line "Personal data encryption" requesting to make arrangements to enforce encryption and ensure all our email communications are encrypted. Please provide your contact details and preferred method of contact so we may email or call you back.
Sensitive data
There are occasions when we might want to add some additional protection to our data, for example when we are sharing sensitive (or special category) data. By May 2018, where Hiscox regularly shares sensitive data, we will be implementing secure messaging. This is unlikely to affect the majority of you but where it does, it means that you will receive a notification email and you will simply enter a password to access the message. You’ll be able to reply and send us secure messages too.
Action: If you share sensitive data with us and would like to use our secure message facility, please contact Fran Varley at uk&[email protected] with the subject line "Secure message facility" to make arrangements to set up secure messaging. Please provide your contact details and preferred method of contact so we may email or call you back.
Large volumes of data
Delegated authorities, schemes and binders often send the data for multiple risks via Bordereau. Sharing large volumes of data at once increases the impact of any potential data breach. Therefore, greater security is required than can be afforded by email, and so Hiscox will be rolling out Enhanced File Transfers (EFT). EFT is a secure method of transferring large files that can be implemented quickly and easily.
For third parties that engage in this level of data transfer and are currently using email, we will contact you over the coming weeks to set up our EFT links.
To discuss any of the above further or to arrange your data transfer mechanisms please contact:
Fran Varley, GDPR business analyst, UK & Ireland
Email: uk&[email protected]
You may already be aware that the IDD implementation date is delayed from 23rd February 2018 to 1st October 2018. This has been confirmed by HM Treasury at a UK level, but isn’t likely to be officially confirmed by the EU until later in the year. Furthermore, the lack of final rules creates a further element of uncertainty. As such, Hiscox has decided to take a pragmatic approach to rolling out changes to ensure compliance with the directive and will be doing so throughout 2018.
The directive places requirements on both Insurers and Brokers and as such there are mandatory activities you are required to complete both as an entity in your own right and as a part of your relationship with Hiscox before the directive comes into place.
Hiscox would like to provide you with any support you may need in order to achieve compliance. The following does not outline all your regulatory responsibilities, but does highlight some of the main areas of responsibility that relate to our relationship.
UK
Ireland
The below is taken from the directive; we have summarised it in order to assist your preparation ahead of 1st October 2018:
Should you have any queries on any of the above information regarding the Insurance Distribution Directive, please email us at uk&[email protected].
As a result of the UK’s decision to leave the European Union, we are making some necessary changes to our business structure to ensure continuity of cover to all our customers with European risks. Brexit is structural not strategic for Hiscox, so in most cases you should see and feel very little change from us, if any at all.
A key implication of Brexit is the loss of ‘passporting rights’ which allow Hiscox to conduct cross-border business throughout the European Economic Area (EEA) either directly from the UK or through our branch offices across Europe. Hiscox currently operates through an insurance company (Hiscox Insurance Company Limited), an agency (Hiscox Underwriting Limited) or via Lloyd’s of London, all of which are registered in the UK and will therefore lose their passporting rights.
Our priority is to ensure we can continue to provide products and services to policyholders with EEA risks; what that looks like will vary slightly depending on which part of the business you work with.
We will continue to refine our plans further over the coming months, particularly as more becomes known about Brexit from the UK government and as we all get more clarity over a transition period.
We will keep you updated on our Brexit plans over the coming months, and there is nothing for you to do for now when it comes to working with Hiscox post-Brexit. If you have any questions about what Brexit means for your work with Hiscox, please speak to your usual Hiscox contact.