About the European Union’s new data privacy law
There is a good chance that over the past few months you have had a number of emails from companies about how they have updated their privacy policies. Pretty much every major company around the world has actually done so in the past few months and the main reason as to why is that the EU’s General Data Protection Regulation (GDPR) becomes enforceable on 25 May 2018.
The GDPR is a regulation passed by the EU that has been put in place to protect the data, information, and privacy of citizens of the EU’s member countries. The primary aim of this regulation is to give people the right to, and control of, their personal data. It also pushes for clearer and easier to understand data privacy policies.
The most important aspect of this law however is that it does not just apply to EU citizens living and residing in the EU. Instead, it applies to all foreign companies who process the data of EU residents (both foreign and citizen).
In other words, companies who have operations, say, only in Hong Kong, Singapore, or countries outside of the EU but who sell to Europeans and collect data on these customers are now required to meet the regulations set out by the GDPR.
Why update now?
Here at Pacific Prime Hong Kong, one of the insurance products we sell is International Private Medical Insurance (IPMI). These products are designed to cover people on a world-wide basis and are incredibly popular with expats.
These sections include:
- Our stance on data collection, processing, and protection
- What data we collect
- Who collects the data
- How data is collected
- Consent and data
- Why we collect data
- How we use the data collected
- When we share data
- How you can view, edit, or delete your data
- How we utilize cookies
There is a fair amount of information in this policy but the gist of it is: We only collect data that is contractually necessary (insurers require specific pieces of data in order to underwrite and sell you a plan – as a broker we are required to collect this data if you purchase a plan from us) and data for marketing purposes.
Data collected by us is never sold and only provided to third parties (e.g., insurers) as contractually necessary. Data that is not required for specific applications is either not collected or shared if it has been collected in the past.
Is Pacific Prime compliant with the GDPR?
We have taken every possible step to ensure that the data we collect and store is done so in a compliant manner with not only the GDPR but also Hong Kong’s Personal Data (Privacy) Ordinance.
I am not from Europe, does this law apply to me?
It is important to stress here that while the GDPR regulations only pertain to EU residents and citizens, we have taken steps to implement these requirements across the company.
If you are not a member of the EU yet request us to delete your data, we will do so. Be aware that if you are in the process of applying for health insurance or other coverage and request your data to be deleted, you could face delays or complications with the application process.
Where relevant, we will also follow local privacy regulations.
Will I need to provide Pacific Prime Hong Kong any information?
Pacific Prime Hong Kong has been following the GDPR’s regulations in some form or another for a number of years now. As such, any processes already in place are already compliant. This means that you do not have to do anything or provide us with any information if you are already a client.
If you are not a client, we will not request any data from you unless you choose to provide it, or it is required in order for us to start the process of securing insurance.
Should you have any questions about this policy or any other business that we undertake please do contact us today.