EU and UK rules on when personal data can be sent or accessed outside of the European Economic Area (‘EEA’) and UK have tightened following an EU judgment known as ‘Schrems II’. Failure to comply with the new rules could in result in regulatory action (fines of up to 4% group global turnover or orders to stop international transfers), claims from individuals and activists, and reputational damage ultimately affecting QBE’s share price.
To comply with the stricter rules, from 6 March 2023 QBE is now required to risk assess its international transfers and put additional measures in place where necessary to protect EEA/UK-origin personal data (for example additional mandatory contractual wording and enhanced data encryption). As part of its ‘Schrems II’ compliance project, QBE has designed a new ‘Transfer Impact Assessment Process’ for engagement with new and renewing suppliers, supplementing QBE’s existing due diligence processes. This is a mandatory regulatory requirement.
The tool that has been chosen to complete the new assessment process is called One Trust, please use the materials provided below which have been designed to support QBE Suppliers.
If you have any queries please direct them to your QBE contact, or the Data Protection Team - dpo@uk.qbe.com