This is a brief note for the insurers of companies looking as to what changes will be required to comply with the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. This will increase the responsibilities that are placed on organisations when collecting, managing storing and disclosing data.

Introduction of the new rules has given rise to concerns over claims defensibility. A number of companies have taken the view that they will need to be cautious about what documents should be retained and have even gone as far as to begin destroying documents. There is a real risk that by being too cautious about the data that is retained, crucial information may be lost which could result in an inability to defend future claims.

It is important for organisations to understand that the GDPR does not require the blanket destruction of documentation. It does require organisations to understand what data they hold and be able to justify the processing or retention of it but this includes ensuring that documentation which may be important for future litigation is properly retained.