General Data Protection Regulation (GDPR) - Searchlight Insurance Training

As from 25 May 2018 the EU General Data Protection Regulation (GDPR) applies to all organisations handling the data of EU citizens. The government has confirmed that Brexit will not affect the UK’s implementation of GDPR. Why? Because the new regime applies to organisations outside the EU that offer goods and services to individuals within the EU.

GDPR applies to companies that fall into two categories: ‘controllers’ and ‘processors’. The definitions are similar to those found in the existing Data Protection Act – i.e. controllers say how and why personal data is processed; processors act on the controller’s behalf.

However, GDPR places specific legal obligations and liabilities on processors; for example, they will be required to maintain records of personal data and processing activities. By the same token, controllers are required to ensure that their contracts with processors comply with the GDPR.

The Principles underpinning GDPR are broadly similar to those supporting the DPA, but there are some additional requirements around accountability and the need to be able to demonstrate effective systems and controls around handling personal data.

To focus the mind, GDPR brings with it stringent penalties for those who fail to comply with the rules – fines can be up to €20,000,000 or 4% of an organisation’s total annual global turnover, not profit, based on the preceding financial year, whichever is the greater.

Level: n/a

Duration: 0.5 day(s)

CII CPD Hours: 3


By the end of this workshop delegates will be able to:

  • understand the key differences between GDPR and the existing Data Protection Act (DPA).
  • explain the UK Information Commissioner’s Office’s (ICO) intended approach to implementing GDPR.
  • understand the organisational implications of GDPR’s implementation.
  • consider the impact of GDPR on their businesses.
  • prepare for compliance with new GDPR requirements from 25 May 2018 onwards.


  • Summary of GDPR’s key points and how it differs from the DPA
  • Individuals’ rights under GDPR – including ‘the right to be forgotten’
  • Accountability and governance
  • Systems, controls and managing GDPR risks effectively
  • Next steps and action planning

Searchlight can provide post-course consultancy services to those firms who believe that they may need specialist help in understanding and addressing GDPR requirements – for example, undertaking a gap analysis to determine how well the firm’s current arrangements match the new requirements and providing assistance to address issues that are identified.