We use cookies to improve this site and enable full functionality. You can change your cookie settings at any time using your browser. Our cookie policy.

Is the insurance industry ready for the GDPR?

Is the insurance industry ready for the GDPR? | Insurance Business

Is the insurance industry ready for the GDPR?

In an industry like insurance, where more data often means better decisions, legislation like the GDPR – which comes into force next May – means big change.

“At the very highest level, the GDPR is a huge deal for insurance companies,” Jason Du Preez, CEO and founder of privacy engineering firm Privitar, told Insurance Business.

Insurance is one of the most data-accruing industries, as information underpins decisions, but naturally much of this data is extremely sensitive – meaning insurance companies could have huge exposures under the new data protection laws.

But while the GDPR will bring in potential fines of up to 4% of an entity’s total revenue worldwide, the legislation is not driven by the desire to merely punish companies, according to Du Preez.

Want the latest insurance industry news first? Sign up for our completely free newsletter service now

“The purpose of the legislation is not to impose restrictions and create friction, it’s actually the converse,” he said. “It’s saying, first and foremost, we want you to know what data you have and understand that very comprehensively, and we then want you to understand how that data is being processed and used, and we want any algorithms or profiling you’re executing on that data to be explainable and transparent.”

The high-level objective of the regulation is to make it easier to extract value in a digital economy, and to drive organisations towards taking a data-centric view of their businesses, Du Preez said.

However, much of the industry’s infrastructure is still some way from being ready – “so there is going to be a massive exercise and undertaking that will need to occur in order to be in a position where there is no risk of a very severe penalty.”

When it comes to compliance, the first step is for firms to understand the data that they hold – which can be a pretty daunting task – and only then can the data and the surrounding risks be analysed.

“I’m familiar with even some smaller insurance firms and brokers that have generated huge amounts of data and accumulated that over the years, and that presents quite a challenge,” Du Preez added.

Related stories:
AIG reveals impact of Ogden rate cut, Berkshire Hathaway deal
Intercontinental Hotels Group reveals cyber attack on thousands of locations