The reality of GDPR for the insurance industry

There is still some ambiguity surrounding certain parts of the regulation

Opinion

By Contributor

Mar 27, 2018 Share

The following is an opinion article by Clive Rumsey, commercial director, REaD Group. The opinions expressed within the article are not necessarily reflective of those of Insurance Business.

General Data Protection Regulation (GDPR) will be coming into force on May 25 this year. With less than four months to go, the biggest shake-up in EU data legislation should be top of the agenda for UK insurers, and indeed for any company in possession of European citizen data. Under the regulation, individuals will have the right to request information about how their data is being used, the right to object to its use and the right to be forgotten by companies in possession of their data.

Search and compare insurance product listings for Identity Theft from specialty market providers here

In recent good news, Government research into UK business readiness for GDPR has revealed that organisations in the finance and insurance sectors are most aware of the changes. And so they should be! You’d expect it given that for companies operating within this sphere, they stand to lose the most from poor data governance. The research revealed that 54% of businesses in the financial and insurance sector have made changes ahead of GDPR. This preparation is a great start however the full extent of the legislation is still yet to be realised, therefore work has only just begun and May 25, 2018 shouldn’t be seen as the finishing line for the new regulation.

It is important to ensure that the sector can continue operating smoothly while transitioning from the existing Data Protection Act (DPA). In addition, there is still some ambiguity surrounding certain parts of the regulation. Businesses are still waiting with baited breath for more definitive information from the Information Commissioner’s Office (ICO), surrounding the guidelines on consent. This will have to wait until the Article 29 Working Party has finalised the feedback from the consultation window, based on the release of the consent consultation document, likely to be nearer the end of the first quarter of 2018. But, in all likelihood, there will not be a large deviation to the consent guidelines that have so far been published. In the meantime, insurers must use the time in-between to lay the correct foundations to build upon come May.

Obtaining permission from customers

One of the key considerations of GDPR is around consent; in other words, the permission given by an individual to allow the processing of their personal data. The insurance sector may find it more difficult to obtain this consent from customers than other sectors. Customers may be more reticent about interacting with insurance companies, seeing their services as ‘necessary’ but not something they want to go out of their way to engage with. Insurers should therefore ensure that the customer consent process is made clear, specific, transparent and informed. This can be achieved by explaining what data the insurer is asking for and highlighting how the customer will benefit from the insurance package. And what better way to do that than by explaining how they will receive more tailored deals as a result?

Legitimate interest as a customer engagement tool

As with any legislation as far-reaching and complex as GDPR, there will be circumstances where the rules of the regulation are more ambiguous. For example, obtaining active ‘consent’ from a customer may not be needed in circumstances where businesses have a legitimate interest or other legal basis for contacting them. In the case of businesses in the insurance sector, companies would not need to obtain active consent to contact customers about their contract, but they would need permission if they were to market to them. This idiosyncrasy makes it more challenging for insurance companies wanting to market to their customers. Thanks to a power shift away from companies and into the hands of the consumer, insurance providers will have to compete more fiercely for continued custom. They can do so by intelligently analysing existing data and ensuring that customers are approached on the right terms.

GDPR and Data-as-a-Service (DaaS) solutions

GDPR will inevitably change the way in which the insurance industry operates, particularly considering the fact that the sector is highly data-driven. Companies that are still in doubt about the necessary steps to take can consult Data-as-a-Service (DaaS) solutions. By introducing DaaS into the marketing process, insurers can maintain the accuracy of data, target the right customers and ensure better decisions at every stage of the customer lifecycle. Improved databases will enable insurance companies to build up a clearer picture of who their customers are, and how to create the perfect insurance package to suit their individual needs.

The next few months present a clear opportunity for insurers to reassess their data strategy. They can go the extra mile in realigning the compliance of data storage systems, and in turn re-engage and drive loyalty with customers, to offer them even better levels of service. By investing time and effort to become fully compliant with these new laws, insurers will be able to interact with customers on an individual basis and provide more transparency around what they do with their data. In order to attract and retain customers, insurers must prove themselves to be trustworthy by remaining one step ahead of the GDPR. And in this post-GDPR data nirvana, we’ll all benefit from more engaged and positively disposed customers.

GDPR ready: UK insurers 'leading the march' towards compliance

Fetching comments...