At over 330 years old, Lloyd’s is the most recognisable insurance institution in the world. Specialising in non-standard risks that others cannot or will not insure, it is something of a world-renowned institution.
It is also necessarily a complex marketplace, steeped in history yet embracing the future. For example, Lloyd’s works on a 3-year cycle – the time it took ships to circumnavigate the globe. It can also place cyber insurance with a range of insurers.
The individual syndicates who make up the marketplace are always looking to evolve. As a result, change programmes with innovation are a constant theme.
But how to translate complex projects to investors and boards who need to see everything on a single page?
One of our consultants was approached with this very challenge, one which we were more than happy to oblige with. Step forward our Product Delivery Roadmap, now part of a board pack in the Lloyd’s building.
One of our fathers had just been watching the UK news. The UK transport minister had just seen a £33 million out-of-court settlement to Eurostar because a tender process had gone a tad wrong.
The penny had dropped; a career in procurement was suddenly vindicated as the consequences of not doing a proper job were being broadcast to the nation.
It is actually quite difficult to make the issues which led to the payout seem true rather than made up, as they are so farcical. It was a near £14 million contract awarded to Seaborne Freight to move medical supplies, by sea, that had a couple of snags:
The firm had no real trading history
And had not run a ferry service before
Its terms and conditions referred to website food orders
And they had no ships
And so they found legal action on their doorstep from Eurostar over the way the contract was awarded.
Now we are sure that there were reasons why the 4 points above were ignored/overlooked (there must be, right?) but the point remains that even on lesser oversights, running a procurement process properly is actually quite important.
On the 25th May 2018 GDPR comes into force and it affects anyone who trades with anyone within the EU.
Within the UK there are now thousands of experts in the field, guiding companies through the process of readiness, changing contractual terms for their suppliers (and increasing limits of liability for breaches if uncapped liability is not an option) and generally keeping compliance departments really, really busy.
Potential fines are HUGE (4% of global turnover) and will fund regulators, so expect there to be fines. The biggest risk to individual companies, however, is the claimant solicitors already in the wings to take on cases where people feel their data has been breached. Seriously, just do a Google search and see how many domain names have already been registered in anticipation.
We would outline the details of the forthcoming legislation and a handy guide of what to do, how and when. But it’s not straightforward and it’s probably best to hear it from those managing it, such as the ICO in the UK.
What have we done?
Whilst reviewing the legislation as a whole got dull quickly, how it affected us (we are ever so slightly narcissistic) did not, and we’ve held a number of compliance meetings over the past 6 months. The outcome can be summarised as follows, in terms of how we have interpreted the act and what we have done about it.
Privacy by design
This is a phrase oft repeated when discussing the act but it really is pertinent. We have reviewed every single one of our processes (that was a fun week) from searching on our site to making a purchase and have ensured that this principle is upheld EVERY SINGLE TIME.
What this means in real words:
We only use the data you supply when making a purchase to process your purchase
It has NEVER been used for anything else and never will be
We don’t auto-sign you up for anything.
Anything you do sign up for (newsletter, creating an account) is strictly opt-in only
We have never sold or passed on data, and we’re not about to start
Actually, this was the easy bit for us – we didn’t really need to do or change anything, just map it all out. We’ve also never had adverts or banners on the site so that was another area we didn’t have to consider.
Retention of Data
The act is quite clear in that records should only be held as long as they need to be, and to be fair this has not changed from the current legislation in the Data Protection Act.
We do retain purchase records because we are often contacted by customers who have changed PCs or lost their template and ask us to resend it, sometimes many years after the purchase date.
Because we actually like helping folk out, we’ve been more than happy to do this at no charge, but after much internal debate we’ve concluded that we need to auto-delete purchase records after a suitable period. Presently we are fixed on retention for 60 days and have already deleted thousands of records ahead of May.
In real terms this means we will happily carry on helping folk out who have lost a template purchased a few years ago; we just won’t be able to find the purchase record, so it will be imperative that you retain your invoice.
We’ll issue a further update ahead of May, but rest assured we are taking the whole GDPR thing ever so seriously.