Insurers that align their business priorities to the principles of data ethics embedded in GDPR are likely to build a more secure and trustworthy foundation for sustained growth.
The European Union’s General Data Protection Regulation (GDPR), which took effect in May 2018, is a game changer when it comes to data sharing and privacy. The regulation requires businesses to explicitly disclose any data collection they carry out and to declare the lawful basis and purpose for data processing, the duration for which data is retained on their servers, and whether the data is shared with any third parties.
For insurers it means paying close attention to their data collection efforts and use. Those doing business in the European Union must follow the specified standards and may not share customer data without consent. Failure to comply can lead to hefty fines to the tune of 4 percent of their global revenue.
Forward-looking insurers that want to provide more personalized services to their customers will need to understand the distinction between ethical and unethical data use, and make compliance a high priority. They will also need to keep in mind that customers can request a copy of the data collected about them in a commonly used, readable format, and can ask to have their data deleted in certain circumstances.
Under GDPR, public organizations and businesses, including insurers, are obliged to hire a data protection officer (DPO) whose core responsibility is to manage compliance. Insurers must also observe the following principles:
- Privacy by default and design. Embed privacy in data processing across products and analytics, and ensure personal data is not used by default. In practice this means no pre-checked consent boxes and no opt-in by default.
- Purpose. Be transparent about what data will be collected and why, and provide the legal basis for any data processing, including storage. In certain cases, obtain explicit consent.
- Freedom of choice. Respect the data subjects’ right to choose the organizations with which they wish to share their data.
- Storage. State the duration for which data will be stored in relation to the stated purpose and delete data that has served its purpose.
- Integrity and confidentiality. Take measures to secure data against unlawful access and against loss, destruction or damage.
- Accountability. Demonstrate compliance for lawful processing of data, for example, by maintaining usage records.
The good news is that these regulations will give insurance customers greater confidence that their data is safe. Insurers that see compliance as an opportunity to align their business priorities to the principles of data ethics embedded in GDPR are likely to build a more secure and trustworthy foundation for sustained growth in the future. Reaching this level of maturity, however, calls for a well-planned, data-driven transformation journey.
To learn more about GDPR considerations, I recommend reading the following:
In my next post I’ll introduce five insurers that are using personalization to delight their customers – I hope you’ll join me for the discussion.