Celent has advised insurers to review compliance with the EU’s new citizens’ data privacy rules, the General Data Protection Regulation (GDPR), which is due to be implemented in May 2018.
The GDPR is designed to protect EU citizens’ data privacy and is expected to change the approach firms take to handling data.
The regulation calls for a renewed focus on fair data processing, data subjects’ consent, accountability, data security, personal data breach reporting, and compliance enforcement, Celent said in a report on the GDPR’s impact on insurers.
Celent Senior Analyst Nicolas Michellod said the GDPR principles “will have direct consequences on how insurers inform their customers on the use of their data and how they manipulate it.
“The territorial scope defined in the GDPR is vast, and we can wonder whether monitoring compliance of all companies subject to the regulation will be feasible.”
He recommended re/insurers take a five-step approach to tackling regulatory changes: “Starting with the mobilization of relevant resources and then specific actions including the mapping of data processing activities, the integration of systems, allowing connectivity, and fostering data services.”
For re/insurers, grey areas surrounding the interpretation of, changes to, and lack of clarity in data protection regulation can be a major concern when accessing social media or other publicly available online data sources. Firms therefore stand to benefit from a proactive stance in assessing GDPR compliance, both to improve current data usage policies and to preempt potential future data issues.