With just six months until GDPR hits Europe hard, Finance Monthly has heard from Nigel Edwards, SVP of Insurance Europe & Head of UK at EXL Service, on the threat GDPR poses to emerging technologies, fintech, regtech and so forth.
For insurers, the General Data Protection Regulation (GDPR) promises to be a difficult hurdle to overcome without the right strategic approach and expertise. Businesses in the insurance industry are some of the most vulnerable to being caught wrong-footed by the incoming GDPR rules because of the data rich environment they naturally operate in. The widespread use of third party administrators means that data flows can be difficult to control in a way that keeps firms compliant with the new regulation. Another question that is high up on the agenda for industry decision-makers is the effect that GDPR will have on future technology adoption.
In recent years, the insurance sector has undergone an unparalleled degree of technological disruption. Telematics technology, for example, has dramatically changed how insurers price policies by gathering data on individuals’ driving habits and behaviour. The use of social media analytics is making the claims process more straight forward and the use of technologies such as geo-location is creating better conditions for underwriters to evaluate pools of risk. One thing that these technologies have in common is their reliance on large amounts of collected customer data to function effectively. Will these techniques be hamstrung by the demands placed on companies under the GDPR regime?
Assessing the data ecosystem
For the most part, GDPR will not force insurers to curtail technology adoption, so long as precautionary steps are taken to better manage the data inputs and outputs on which new technologies rely. All of the existing InsurTech solutions that are on the market or close to arriving will remain options for brokers and underwriters to incorporate into their strategic spend – but only if the underlying infrastructure is in place to enable the rigorous management of client data.
Perhaps one of the most onerous demands placed on businesses due to GDPR is the so-called ‘right to be forgotten,’ which will grant EU residents the right in some places to request a full removal of their personal details from any company’s systems. For many insurance firms, of which a large proportion will have been trading since the start of the age of digitisation, large caches of over 30 years’ worth of client data have been accumulated. This is data which may not be in a single standardised format and spread across siloes in multiple locations – posing a considerable challenge when it comes to compliance to right to be forgotten guidelines.
Aligning with a long-term strategy
For new technologies to remain viable, steps must be taken to ensure that the core infrastructure upon which data is stored and transferred is responsive to frequent requests for deletion or transfer. This may result in the overhaul of legacy IT systems which are not fit for purpose and a more selective retention of customer information, as opposed to a policy which swallows up large pools of data indiscriminately.
Whilst this may entail some capital outlay, the decision to update legacy systems should be taken in the context of a new stance towards regulatory compliance. The GDPR is just one regulatory hurdle that must be overcome by insurers next year, but it can serve as a starting block for a more agile approach to data handling – especially for firms who have historically neglected the task. In the long term, laying the foundations for new technology adoption will not only facilitate better business agility but also a more intuitive approach when interacting with clients and their data.