Audit for GDPR compliance of an insurance broker

The General Data Protection Regulation (GDPR) was adopted in May 2016 and came into force on 25 May 2018. This text is applicable to any body handling personal data of European citizens inside and outside the European Union.

In this context, following a minor incident, a group of insurance brokers asked INQUEST consultants to reflect on their maturity in this field and to consider a full compliance within the four subsidiaries that make up the firm.

After the intervention of an external firm, the first register of treatments is formalized, but the group wants to go further in its RGPD audit approach. It, therefore, decides to turn to INQUEST’s cybersecurity consultants.

INQUEST provides a comprehensive range of consulting services in the field of DPM data protection. Its consultants assist companies in two main areas:

• Identification of the risks related to this regulation.
• The implementation and monitoring of appropriate compliance plans.

GDPR CONSULTING

Based on their initial analysis, they identify several areas of compliance gaps within their client’s organisation. They therefore propose to accompany the insurance broker on the following priority points:

• Documentation of compliance
• Internal and external communication
• Management of customer requests
• Management of personal data breaches and security incidents
• Retention and deletion of personal data
• Informing people
• Third-party supervision

At first, support focuses on raising the awareness of the members of the management team. This involves setting up workshops with the various directors of the group’s subsidiaries.

The goal is to establish specific procedures for each entity. Those workshops also enable us to finalize the treatment register, a compliance document made mandatory by the GDPR.

Using a well-trained and caring approach, INQUEST consultants create a climate of trust that enables them to transform each member of management into a fully-fledged player in the compliance process. Their close collaboration with the RGPD referent, their mastery of the technical and legal issues related to this subject, as well as their understanding of the insurance sector, contribute to the success of this mission.