The implementation of the General Data Protection Regulation (GDPR) in May 2018 had a global impact, affecting insurers, financial institutions, and businesses worldwide. Many organizations had to make significant changes to their data collection and usage practices in order to comply with the new regulations.

The GDPR set a high standard for privacy protection. However, it is not the only data protection regulation that companies must adhere to today. Since then, US states (e.g., California’s Draft Risk Assessment Regulations) and countries across the world have introduced their own privacy regulations, their own versions of the GDPR framework.

The existence of multiple privacy regulations poses challenges for companies, particularly in terms of understanding and navigating the various rules, obligations, and breach reporting requirements. As the privacy regulatory landscape continues to evolve, companies may face challenges in relation to privacy compliance.

This report highlights the data driven priorities of P&C insurers and explores many of the points where data privacy must be an area of focus on leaderships radar.