The GDPR and Insurance

Celent will help qualify your requirements and introduce you to the vendor
Spotted a missing vendor? Use this form to alert a vendor to the Celent service
Create a vendor selection project & run comparison reports
Register to access this feature
Click to express your interest in this report
Indication of coverage against your requirements
Vendor requires PRO subscription to activate this feature
Requires research subscription, contact Celent for more info
22 June 2017
Nicolas Michellod

Don't underestimate the preparation work

Celent has extensively covered the data topic within the insurance industry over the past few years. I notably defined a framework to help insurers identify factors to consider when investing in data-related initiatives in a report titled A Heat Map for Insurers’ Use of Consumer Data: Perspectives on Current and Future Data Challenges. For a majority of insurers, regulation — and more precisely consumer data protection regulation (interpretation, changes, and lack of clarity) — represents the major concern when using consumer personal data that is publicly available on social networks or on other internet sources.

With the General Data Protection Regulation, the European Union wants to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The GDPR has important principles that I think are important for insurers to understand:

  • Fair data procession
  • Lawful ground for processing
  • Accountability
  • Data security
  • Personal data breach reporting
  • Enforcement

Insurers need to address all these principles if they want to be ready to comply to the new regulation by May 2018. To do so, I think it is important they assess the impacts of each of these principles on their organization. Among others, they need to mobilize relevant ressources to do the preparation work and implement a program that will allow them to comply with the regulation. In a connected world, integration between systems and data bases as well as interactions with customers need to be rethought. As we all know, insurers tend to have a sileod application architecture that does not allow them to have a full view of their customers and therefore their data. In other words, insurers need to integrate their existing system with a centralized registry. They also need to review and adapt their customer interfaces that are used to capture their consent. In our connected world, insurers need to give their customers access to their own data and allow them to amend it.

Overall I recommend insurers not to waste time and to underestimate the efforts needed to prepare for the GDPR. To help them in their preparation process, we have recently published a report titled The General Data Protection Regulation (GDPR): Impact for Insurers, whose objectives are:

  1. To define the GDPR,
  2. To explain its main principles and how they might impact insurers,
  3. To provide recommendations on key steps for the preparation work.
sign in or register to read more

Insight details

Special Interest
Risk Management & Compliance
Content Type
Blogs
Report Type
Industry Trends
Location
Asia-Pacific, EMEA, LATAM, North America