GDPR

2018-03-02T11:01:53+00:00

Is your supply chain the weak link?

There’s a lot to do, isn’t there? We engage with clients across the Claims world and we know GDPR compliance is a stretch even for the most well-organised business and, of course, poor compliance isn’t an option.

The businesses we engage with are actively committed to meeting GDPR requirements; however, the level of readiness varies significantly across the marketplace. Nevertheless, we all have a common hard end date in May.

Our research shows that, typically, claims functions are on top of what’s happening in house and are taking steps to ensure everything runs smoothly come May.

They are also being reassured by supply chain partners that compliance is progressing, but as many suppliers will be processing personal data (and possibly involving subcontractors), claims functions need more than just reassurance.

Gaining Assurance

The kind of questions our clients want answers to include:

  • Do you know how your suppliers process their waste paper?
  • Do they store your customer data in their own systems along with other client data?
  • Who has access to it?
  • Do they have suppliers of their own who they share data with?
  • Do your contracts need revising to ensure GDPR compliance?

The market message is consistent – along with resource pressures, it is uncertainty around the compliance of the supplier’s supplier that is the big concern.


SX3’s Solution

In response to the demands of the market, SX3 has combined its claims and compliance expertise to develop a service that assesses how ready claims department suppliers are for the new GDPR requirements.

Our assessment programmes look at the core requirements of GDPR in terms of how they would apply to claims suppliers (whether as Processors or Controllers), and have been attuned to the nature of the service performed by the supplier.

Importantly, we will look beyond the first tier of suppliers, to see how they have validated those who they subcontract to.

Benefits

Our comprehensive assurance programme combines consultants who understand how supply chains work in practice with the capability to audit your suppliers’ performance against each and every GDPR Article, giving you the confidence you need to know your interests and those of your customers are fully protected.

Our GDPR offering in detail

Coverage

Claims Service Providers, including those working as either Data Processors or Data Controllers. Bespoke to supplier type: AMCs, Engineers, Hire Cos, Investigators, Loss Adjustors, Salvage, Solicitors, TPAs.

Key Scope Areas

Third Party Management (Including contract changes) / Incident & Breach Management / Governance & Policy / Assurance (1st & 2nd Lines of Defence) / GDPR Risk Management / Data Inventory / Employee Readiness / Capability / Procedures & Controls

Enhanced Services

In addition, we can help you track any recommendations through to conclusion and we offer consultancy to assist you in remediating any issues. We can also provide regular health checks to validate ongoing compliance.

Silver
Overview

Form of assessment

  • Discussion with service provider regarding the implementation and application of GDPR regulations

Output

  • Verbal update and recommendations to service provider
  • Management summary of findings and recommendations

Completion: 1-2 days

Gold
Assessment

Form of assessment

  • Discussion with service provider regarding the implementation and application of GDPR regulations
  • Auditor assessment of Key scope areas to validate GDPR application

Output

  • Verbal update and recommendations to service provider
  • Management summary of findings and recommendations
  • Outline assessment of each key area of scope and success against each GDPR Article requirement

Completion: 2-5 days

Platinum
Audit

Form of assessment

  • Discussion with service provider regarding the implementation and application of GDPR regulations
  • Auditor assessment of Key scope areas to validate GDPR application
  • Strength testing of Key scope areas
  • Itemised audit & risk assessment of each individual (applicable) GDPR Article

Output

  • Verbal update and recommendations to service provider
  • Management summary of findings and recommendations
  • Detailed assessment of each key area of scope and success against each GDPR Article requirement
  • Detailed GDPR risk assessment

Completion: 5-10 days