The following is an opinion article by Clive Rumsey, commercial director, REaD Group. The opinions expressed within the article are not necessarily reflective of those of Insurance Business.
General Data Protection Regulation (GDPR) will be coming into force on May 25 this year. With less than four months to go, the biggest shake-up in EU data legislation should be top of the agenda for UK insurers, and indeed for any company in possession of European citizen data. Under the regulation, individuals will have the right to request information about how their data is being used, the right to object to its use and the right to be forgotten by companies in possession of their data.
In recent good news, Government research into UK business readiness for GDPR has revealed that organisations in the finance and insurance sectors are most aware of the changes. And so they should be! You’d expect it given that for companies operating within this sphere, they stand to lose the most from poor data governance. The research revealed that 54% of businesses in the financial and insurance sector have made changes ahead of GDPR. This preparation is a great start however the full extent of the legislation is still yet to be realised, therefore work has only just begun and May 25, 2018 shouldn’t be seen as the finishing line for the new regulation.
It is important to ensure that the sector can continue operating smoothly while transitioning from the existing Data Protection Act (DPA). In addition, there is still some ambiguity surrounding certain parts of the regulation. Businesses are still waiting with baited breath for more definitive information from the Information Commissioner’s Office (ICO), surrounding the guidelines on consent. This will have to wait until the Article 29 Working Party has finalised the feedback from the consultation window, based on the release of the consent consultation document, likely to be nearer the end of the first quarter of 2018. But, in all likelihood, there will not be a large deviation to the consent guidelines that have so far been published. In the meantime, insurers must use the time in-between to lay the correct foundations to build upon come May.
The next few months present a clear opportunity for insurers to reassess their data strategy. They can go the extra mile in realigning the compliance of data storage systems, and in turn re-engage and drive loyalty with customers, to offer them even better levels of service. By investing time and effort to become fully compliant with these new laws, insurers will be able to interact with customers on an individual basis and provide more transparency around what they do with their data. In order to attract and retain customers, insurers must prove themselves to be trustworthy by remaining one step ahead of the GDPR. And in this post-GDPR data nirvana, we’ll all benefit from more engaged and positively disposed customers.