Do you know how the customer data you generate is stored and managed? If you don’t, time is running out. On May 25, 2018, any insurance provider handling European citizen data must comply with the new General Data Protection Regulation, GDPR.
What is the objective of the GDPR?
The objective of the GDPR is a sound one: to strengthen an individual’s right to data protection and to make the processes around data simpler for organizations. As a result, your customers have been given several new rights, the most important being:
- Right to receive fair and transparent information about the processing of their data
- Right of access
- Right to rectification
- Right to data portability
- Right to be forgotten
The problem arises if you don’t have the correct processes and approach to data management in place. This is of particular relevance to insurers, as brokers and underwriters require customer data to create and implement effective policies.
What are you expected to know about your data?
The consequences of non-compliance are severe, with fines of up to €20,000,000 or 4% of annual global turnover. Below are just some of the things you’ll be expected to know:
- What personal data you have recorded
- Whether individuals are allowed to use it
- The purpose and usage of data
- Where the data is stored
- Who has access to the data
What you didn’t know
Here’s the real bombshell.
Article 18 of the GDPR introduces the following new right for your contacts: on request, you must provide your customers with a copy of their personal data in a structured, commonly used and machine-readable format, and not hinder the transmission of this data to a new data controller.
This means that insurance policyholders can not only request that you send their personal data to them, but can also ask you to send it to your competitors.
Creating personal, customer-led policies, combined with a more compelling experience, has never been more important when it comes to retaining your customers.
Top challenges to being compliant
Unfortunately, when I say the GDPR is going live in nine months, what that roughly translates to is 195 working days (at the time of writing this blog). The following are the biggest challenges to reaching a compliant position in that timeframe:
- Identity resolution: being able to identify and unify a customer’s interactions across all touchpoints
- Consent overview: being able to show the documented steps you’ve been through to obtain an individual’s consent in order to process their personal information
- Identifying purposes: having a clear path of what you intend to do with the personal information you hold
- Data governance: understanding how your data flows from system to system
Where do you begin?
Your first step is to carry out a gap analysis of your current data processes and situation as it relates to the new regulation. Identify the risks and begin isolating the challenges that may be posed in bringing you in line with the GDPR.
Then look to develop a strategy to overcome those challenges, and start thinking about the tools, technology and support you may need to introduce to help you achieve your objectives.
The silver lining
With better data management, which the GDPR is effectively going to force you to improve, comes the ability to quickly create and bring new insurance products to market; offer policies more attuned to the needs of each individual; and improve control, visibility and relationships between your product and customer data.
The end result: greater differentiation, increased sales, and happier, retained policyholders.
If you’d like to find out more about how your business will be affected by GDPR, which resources will be needed to mitigate the challenges, and what solutions there are to help you become compliant, download this useful guide.