With less than a year left before the European Union’s General Data Protection Regulation (GDPR) takes effect, a report by Consumer Intelligence (CI) warns that firms might have to delete millions of records if they fail get permission to keep information about any previous customers on file.
However, less than a third (32%) of drivers surveyed by CI and fast.MAP would give permission for their insurer to keep their information after they leave for “legitimate purposes,” - the criteria set by the rules.
Among this group, data revealed a “huge variance” – 40% of customers of the top-ranking brand saying they would give permission, compared with 19% of the lowest ranking brand.
Consumers who believed their insurance brand rewarded loyalty were more likely to say they had agreed to receive marketing messages, data further revealed.
“This suggests that giving customers a reason to opt in will substantially increase the proportion who gives permission for the insurance company to keep their details on file,” said CI.
For the most serious violations of the law, the Information Commission (ICO) will have the power to fine companies up to €20 million, or 4% of a company’s total annual worldwide turnover for the preceding year, said ICO Deputy Commissioner (Policy) Robe Luke in a speech last week.
On average, 64% of consumers believe their insurer keeps their data safely, according to the survey. But only 28% said they believed they had already agreed to receive marketing messages.
CI has listed three tips for firms to prepare for the new legislation:
- Start testing your GDPR compliant opt-in messages right away. Test which wording works best and keep improving it.
- Start asking permission to stay in touch with lapsed customers. Brands that leave it until the last minute will compete with a raft of others in various industries and it will be harder to convince those customers that you value the relationship.
- Include someone who can see the world through the eyes of the customer in GDPR planning. Secure data storage is fundamental, but navigating what GDPR means for brand perception and your sales pipeline should not be a by-product of compliance.
GDPR takes effect on May 25 next year. It aims to enhance the data protection rights of individuals in the EU and facilitate the free flow of personal data in a single digital market. It includes oversight over information that can be used to directly or indirectly identify a person, including bank details, posts on social networking websites and medical information.
Related stories:
Insurers face “large fines” for failing to comply with new EU data law
New data regulation could cripple insurers’ counter-fraud efforts – law firm
