Coverholder and TPA Model GDPR Readiness Questionnaire
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018. This is likely to impact many coverholders and TPAs, either by virtue of processing data in the EU or by processing personal data of data subjects in the EU.
The LMA has drafted a model questionnaire in conjunction with the market and Lloyd’s to support managing agents in confirming that coverholders and TPAs will be compliant with GDPR.
As part of the ongoing compliance oversight initiative, Lloyd’s will also be sending the questionnaire to coverholders in the EU on behalf of managing agents, and will undertake a high level review to triage questionnaires received back from coverholders. This high level review will be limited to exception reporting based on responses from drop down responses within the questionnaire. Lloyd’s will not be in a position to agree or sign off that coverholders are GDPR compliant and it will be up to managing agents to discuss any issues identified with coverholders.
Coverholders will be given until 12 March 2018 to respond as part of this central exercise. The intent is for Lloyd’s to provide responses and analysis to managing agents the following week.
This should lead to a reduction in duplicative questionnaires received by coverholders, and should assist managing agents in highlighting any coverholders that may require additional review or assistance. It should also provide a tool for coverholders and TPAs to self assess against in highlighting key areas of the regulation.
Managing agents may also wish to use the questionnaire for reviewing coverholders located outside of the EU which are writing European business, and for TPAs.
The questionnaire has been allocated clause number LMA9143 and will be uploaded to the Lloyd’s Wordings Repository (LWR).
A copy of LMA9143 Model GDPR Readiness Questionnaire can be downloaded below:
Any queries regarding this bulletin should be addressed to Tom Hamill: email@example.com or 020 7327 8377.
Manager, Claims & Delegated Authority Operations