The GDPR and Insurance
Don't underestimate the preparation work
Celent has extensively covered the data topic within the insurance industry over the past few years. I notably defined a framework to help insurers identify factors to consider when investing in data-related initiatives in a report titled A Heat Map for Insurers’ Use of Consumer Data: Perspectives on Current and Future Data Challenges. For a majority of insurers, regulation — and more precisely consumer data protection regulation (interpretation, changes, and lack of clarity) — represents the major concern when using consumer personal data that is publicly available on social networks or on other internet sources.
With the General Data Protection Regulation, the European Union wants to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy. The GDPR has important principles that I think are important for insurers to understand:
- Fair data procession
- Lawful ground for processing
- Data security
- Personal data breach reporting
Insurers need to address all these principles if they want to be ready to comply to the new regulation by May 2018. To do so, I think it is important they assess the impacts of each of these principles on their organization. Among others, they need to mobilize relevant ressources to do the preparation work and implement a program that will allow them to comply with the regulation. In a connected world, integration between systems and data bases as well as interactions with customers need to be rethought. As we all know, insurers tend to have a sileod application architecture that does not allow them to have a full view of their customers and therefore their data. In other words, insurers need to integrate their existing system with a centralized registry. They also need to review and adapt their customer interfaces that are used to capture their consent. In our connected world, insurers need to give their customers access to their own data and allow them to amend it.
Overall I recommend insurers not to waste time and to underestimate the efforts needed to prepare for the GDPR. To help them in their preparation process, we have recently published a report titled The General Data Protection Regulation (GDPR): Impact for Insurers, whose objectives are:
- To define the GDPR,
- To explain its main principles and how they might impact insurers,
- To provide recommendations on key steps for the preparation work.