Are you ready for the General Data Protection Regulation?

August 31, 2017 Richard Forrest

Many of you are probably aware of the changes in data protection legislation coming into force on 25 May 2018 through the General Data Protection Regulation (GDPR) — the new framework regulating data protection for individuals within the EU.

Are you ready for the GDPR

As the GDPR is a set of European regulations, there is a question over its implementation in the light of Brexit.

Nevertheless, the advice from the government and the Information Commissioner’s Office (ICO) is to fully prepare for it in any case, particularly for companies keen to continue to trade with the EU.

What does it mean for you? 

The GDPR strengthens and widens current data protection legislation, and there are some significant new elements and features to be mindful of.

The regulators can issue larger fines for breaches of the legislation.  These can be up to 4% of the total worldwide annual turnover of the breaching organisation or 20 million euros, whichever is higher.

Data subjects also have new and enhanced rights over the personal data that you keep, so you need to ensure that your procedures will cover, and demonstrate compliance with, all of these. This includes the right to be forgotten and for a data subject to receive their personal data in a portable format.

What does it mean for SSP?

There are two main areas of work for SSP:

  1. Ensure that we are compliant with the regulations in terms of the personal data under our care.

    This covers everything from how we handle and process our customers’ client data, and the design of our software and services, to our security systems and other safeguards.

  2. Ensure that the requirements of the regulations are built into our software to enable our customers to be compliant.

    Our customers need software that will help them to comply with all aspects of the legislation, such as the right to be forgotten. This is where an individual has the right for all information about them to be removed from a data controller’s systems.

What we are doing?

A programme of work has been started to ensure that our products and services help our customers to be GDPR-compliant. This will involve working with our customers, regulators and other industry bodies to clarify how the legislation will be interpreted in practice. The programme will allow for a robust testing period from the start of 2018 that will enable SSP and our customers to be ready and compliant by the time the regulations come into force in May.

As we continue to work through this programme, we will keep you informed of the latest developments through regular updates.

Further reading

In addition to the EU’s GDPR website (, the ICO has set up a data protection reform site which contains information and guidance about GDPR and preparing for it:

As well as reviewing the 12 steps to take now on the ICO’s website, you may wish to limit the risk of other breaches of the GDPR when it comes into force in 2018.

This article is an extract from SSP eye issue 10

About the Author

Richard Forrest

Company Secretary and Data Protection Officer — Richard has more than forty years’ experience of working in the IT services sector, for the most part serving the financial services industry. Richard sits on the main SSP management group, and is Company Secretary for all of the SSP group companies in the UK. He is head of Legal and Commercial for the worldwide SSP business, as well as being in charge of compliance and was appointed SSP’s Data Protection officer in 2017.

More from Richard Forrest
Previous Article
Why integrated commercial lines e-trading matters
Why integrated commercial lines e-trading matters

Insurers need to make it as easy as possible for brokers to do business with them whilst improving operatio...

Next Article
An insight into SSP Workflow
An insight into SSP Workflow

We caught up with Craig van Zeyl, founder and CEO of e5 Workflow, to better understand the application and ...

Working from home support from SSP

View resources