Insurance Europe issues GDPR data breach notification template
Source: Asia Insurance Review | May 2018
Insurance Europe, the European insurance and reinsurance federation, has issued a template for reporting data breaches to the UK Information Commissioner’s Office (ICO) under the General Data Protection Regulation (GDPR).
From 25 May 2018, companies will have to submit relevant information about a data breach to the ICO without undue delay and, where feasible, no later than 72 hours after having become aware of the breach. The information should include the nature of the breach, categories and approximate number of data subjects and of personal data records concerned, likely consequences and measures taken to address and mitigate the breach.
Insurance Europe explains that it developed the template as a possible way to meet this obligation. The template is divided into three sections:
- Personal details and information on the affected organisation (not to be shared with third parties);
- Details on the data breach incident in accordance with Article 33 of the GDPR, to be sent to the ICO, where feasible, no later than 72 hours after having become aware of the breach; and
- A section to be completed following the 72-hour period when more information is available on the breach. A