Reinsurance News

Re/insurers confident of compliance as GDPR approaches: A.M. Best

25th May 2018 - Author: Matt Sheehan


European re/insurers are confident about their ability to comply with the new rules of the European Union’s (EU’s) General Data Protection Regulation (GDPR), which come into effect on May 25th, 2018, according to a report by A.M. Best.

The rating agency polled re/insurers on their level of preparedness at April 2018, finding that the market was generally confident in its ability to adjust to new regulations, with an average score of 7.7 on a scale from 1 to 10, a moderate improvement on the score of 7.0 recorded at A.M. Best’s June 2017 assessment.

Feedback suggests that GDPR compliance will lead to a number of improvements within the re/insurance market, such as more stringent data access rules, reduction of new data collection to the minimum necessary, and a generalised shift towards aggregate, anonymous data.

However, significant challenges for compliance remain, and A.M. Best reported that many companies were apprehensive about the increase in operational and legal complexity posed by the new guidelines, as well as the tight reporting window for breach notification.

Additionally, re/insurers with large business portfolios, and particularly those skewed towards the retail segment, may face difficulties regarding new individual rights requirements, such as a subject’s access rights and the right to be forgotten.

A.M. Best also found that most companies were relying on external consultants to ensure compliance, especially those with operations spread across multiple jurisdictions and EU member states, which have variations in their GDPR guidelines that complicate both centralised data management and cross-border data flows.

Moreover, whilst some requirements have been met by re/insurers through an upgrade of existing functions, others, such as the need to have specialised resources like data protection officers, have represented entirely new costs, with some companies reporting GDPR-related outflows in the tens of millions.

Failure to comply with GDPR regulation, which applies to all personal data held by re/insurers, will result in fines of up to 4% of a company’s annual global revenue.