Today marks the last day of the Information Commissioner’s Office (ICO) consultation period on GDPR guidance for businesses and their partners who hold customer data. This milestone is of particular importance for insurers who typically use a larger number of different parties to store and process data on policyholders and claimants.
Nigel Edwards, head of UK at EXL, commented: “We now have only 6 months between us and the hard deadline for GDPR fines which will come into effect in May 2018. The end of the Information Commissioner’s consultation period is a key date as it puts the burden of action onto individual firms to become compliant. Insurers, due to the global nature of the industry, have the challenge of managing data silos across geographical boundaries and thus have a responsibility to ensure that all data-processing parties are able to respond to the new rules that GDPR will introduce.”
The ICO guidelines set out the liabilities that companies and third parties will have when handling and processing customer data. The EU regulation will affect all firms which store and process data belonging to European citizens and will demand substantial fines of up to €20 million or 4% of global turnover if the new rules are broken.
“We have seen various levels of preparedness when working with Insurance firms and often see the same common mistakes when attempting to move towards readiness,” continued Edwards. “Over-dependence on regulatory guidance is one of the pitfalls that many insurers are making – instead of taking their specific business situation into account, they tie themselves to guidelines and fail to become agile when taking on the regulatory burden.”
The insurance industry has been keen to get ahead of the new regulations, as they could lead some insurers to re-evaluate both their technology strategy and their relationships with third-party administrators.
“Another area within the insurance business where we are seeing potential pitfalls is in technology. A range of new innovations have recently come into the sector such as geo-location and telematics. Questions regarding the impact of GDPR on the adoption and usage of new technologies are of high priority considering the increasingly data-rich operational climate,” concluded Edwards.