GDPR: What you need to know

With GDPR upon us and firms being forced into frenzied ‘data dumps’ little regard has been given to what we ‘don’t know’.

Many long tail disease claims have latent periods of decades, as do abuse and ill-health claims before they materialise. When they do, insurers are reliant on robust historic record keeping to enable a defence which now seems to contradict all guidance offered by the Information Commissioners Office.

The reality is that as long as organisations can explain why data is being kept, and the reason is authentic, then data can be kept for as long as is deemed necessary.

It will be years before we know how insurers will respond to claims where their defence has been ‘dumped’, but it is predicted that premiums will sore if the policies respond.

At Romero we are advising our clients to look at their risks. Personal injury claims normally have a limitation period of 3 years from the date of accident, or 3 years from a child’s 18th birthday. Records should be retained for a period that makes records available if a claim is made.

For disease, ill-health and abuse claims the period records need to be kept for is indefinite.

Latent periods can be 30 years and many years after before employment records are able to identify all employers during the working history of the claimant. It is for organisations to factor this into their GDPR Retention Policy. If possible it may be sensible to retain only the necessary data such as identification data ie name, date of birth, NI number along with positions held and areas worked. Pre-employment health information and any occupational health records will also be valuable but other data such as bank details and emergency contact information could be filtered out.

You don’t know what you don’t know but in any environment it is foreseeable that there will be exposure to the hazards associated with disease, ill-health and abuse claims. These may be noise, asbestos, safeguarding, dust or anything which could result in historic claims.

Retention Policies can be reviewed as and when issues are clarified but in the meantime we are advising our clients to side with caution and retain records for as long as they can.

Image Credit: https://smeders.nl/