The insurance sector will miss the General Data Protection Regulation (GDPR) compliance deadline in 2018, according to international law firm Clyde & Co.
“Whilst some companies within the insurance sector have made good progress towards GDPR compliance, we know that there are large parts of the industry that have not made adequate plans for compliance with the new regulation by May 2018,” said Mark Williamson, a London-based partner at the firm.
The prediction is Clyde & Co’s “most confident” of the year, one of a wider set of forecasts for the global insurance industry in 2018. Other predictions include an increase in regulatory scrutiny of insurers’ use of algorithms, and a heightened focus on how insurtech itself is best regulated.
Despite the fact that “many businesses within the insurance sector” will miss the May deadline, it is never too late to start a GDPR compliance project, according to Williamson.
“Confusion on how to tackle GDPR, compounded by poor advice from unqualified consultants, has led to the industry’s slow progress towards GDPR compliance,” he said.
However, in reality it should be possible for the sector to properly grasp the important task of becoming GDPR-compliant through a number of a steps.
“(1) having a good understanding of its core business, (2) obtaining an overall picture of how the sector collects and uses personal data and (3) then analysing how the sector uses personal data against an article by article understanding of GDPR,” the partner explained.
“This approach should set the industry on the right path to compliance with the biggest change in data protection laws in more than a generation – with the penalties for failing to comply too large for the industry as a whole to ignore.”
As the GDPR’s implementation date looms ever closer, data suggests that businesses are turning to cyber coverage as a form of protection.
A recent survey conducted at CFC Underwriting
’s annual cyber symposium in London found that 80% of respondents were seeing a rising demand for cyber insurance as a direct result of GDPR. This was consistent with the firm’s findings in 2016, which foresaw the GDPR’s potential impact on demand for cover.
CFC’s chief innovation officer, Graeme Newman, said: “I think that there is a greater realisation as GDPR looms ever closer that cyber insurance can offer a valuable lifeline. As well as protecting them against the emerging threats of the digital age, the right provider will give insureds instant access to carefully selected specialists who can guide them every step of the way from creating an incident response plan to dealing with a cyberattack.”
Can UK SMEs withstand the repercussions of GDPR non-compliance?
Demand for cyber insurance rising in the UK pre-GDPR