Back to news

InsurTech for GDPR compliance

31st January 2018

The majority of businesses are not ready for the General Data Protection Regulation (GDPR), which comes into force on May 25th 2018.

According to a global study by the Compliance, Governance and Oversight Council (CGOC) only 6% of the compliance officers surveyed felt that they were already GDPR compliant, while the majority were apprehensive over their company’s data disposal practices.

If you are found to be non-compliant it could result in fines of up to 4% of a company’s annual worldwide turnover or €20 million (whichever is higher). Unsurprisingly, organisations are looking to technology solutions to resolve their data management concerns.

We have highlighted the key challenges being faced and the opportunities that new technology can provide in addressing them.

The key GDPR challenges facing your business

1. All of your customer data in one place

Customers must have the right to view and request amendments to the data their insurance provider holds on them.

Legacy IT systems and disparate data sources make it difficult to consolidate your customer data and build one complete picture of your customer.

Platform technology that sits above existing infrastructure has the ability to resolve data siloes and deliver an integrated experience as well as provide a consolidated view of all of your customer data. Providing your agents with easy access to a single view of the customer, including all of their product holdings and previous interactions, demonstrates strong data governance and facilitates compliance reporting.

2. Managing customer consent

Businesses require specific opt-in consent from all of their customers in order to collect, process and store their data.

Insurance retailers are required to clarify what they use their client data for in order for customers to make an informed decision and tailor their consent preferences to restrict certain processing activities.

Achieving opt-in consent from new customers can be simply managed with website banners, cookie policies and privacy statements, making it quick and easy for the customer to access the necessary information.

Providing an additional consent management feature as part of your offering gives your customer control over what their data is being used for and the ability to restrict profiling or sharing of their data with third parties.

Delivering features like these, which allow customers to govern their own data, re-installs faith and trust in their insurance provider and increases retention.

3. Right to erasure & data portability

Your customers must be permitted the right to data portability and accuracy.

Technology platforms can ensure that all of your customer’s data is stored in one easily accessible place, making the right to erasure principle a lot easier to manage.

Providing customers with a personalised account portal allows for more than just compliance with data erasure principles; it can also be used as a way for customers to review the data you hold on them, keep it up to date, make amendments and request downloads.

4. Strengthening your data governance

Your data needs to be processed in an appropriate way not only to maintain security but also to ensure that customer data is used only for specified, explicit, legitimate and limited purposes.

Knowing what data your company collects is the first step to achieving strong data governance principles, and also helps to restrict the retention of unnecessary data. Technology can initially help to define the type of data your company collects and processes by classifying each data element as either personal or sensitive data.

The next step is being able to control how that data is processed.

New technology can apply multi-tiered authorisation controls to verify the appropriate use of customer data, for example in tailored marketing campaigns, ensuring an additional level of precaution in the use of both personal and sensitive customer data.

5. Data archiving

Under the GDPR, customer data should only be retained for as long as is necessary, or where it is a legal requirement.

Using technology to apply a set of maintainable rules enables quote and buy policy data to be archived or purged automatically. These rules can also take into account the relevant data retention period once a product has been cancelled or expired, and can depend on customer status. This requirement may vary by product, jurisdiction or changes in the law, making this a key area of concern for insurance retailers.


Platform technology can help your business with GDPR compliance

HUGHUB’s customer-centric technology platform places data at the heart of your business; resolving data siloes, unifying policy systems, tracking customers and their behaviour across multiple touchpoints and offering a consolidated view of the customer across all data sources.

With the GDPR implementation deadline fast approaching, find out how HUGHUB can help your business maintain compliance while achieving operational efficiency and delivering a better customer service.