Insurance companies could be facing an onslaught of information requests from consumers when the EU General Data Protection Regulation (GDPR) comes into force later this month, it has been warned.
40% of UK consumers intend to exercise their new rights to data access under the GDPR in the next six months, new research has revealed. Of those planning to file a request, more than half (56%) said they will be targeting financial services companies, including insurance companies, the study from multi-cloud data management firm Veritas revealed.
Under the new GDPR, EU residents will have greater control over their personal data, including the right to ask organisations what data is held on them and enhanced rights to have that data deleted.
In the light of the expected high volume of requests, and with just a few weeks to go before GDPR implementation, the insurance industry will need to get its ducks in a row.
“It’s imperative that companies in this sector are able to demonstrate that they are managing and protecting personal data in a compliant way, and are able to respond to requests from individuals quickly and with a high degree of accuracy,” Tamzin Evershed, senior director and global privacy lead at Veritas, told Insurance Business.
“Under the new laws, requests from individuals to exercise their rights over their personal data must be answered within one month. But very few businesses have full insight into all the data they hold,” Evershed said.
“In order to prepare for a potential onslaught of requests from consumers, it is critical that insurance companies employ tools that can help them locate and manage data efficiently and effectively. Businesses that fail to recognise the importance of responding to data subjects’ requests will be putting their brand loyalty, reputation and profits at stake.”
Among the key drivers for consumers wanting to file a data access request were the idea of having increased control over personal data, and gaining a clearer understanding of what data companies hold on them.
Almost half said that a company experiencing a data breach was more likely to prompt them to file a request, and more than a third said they did not trust companies to effectively protect their personal data.