Keeping it private: GDPR and developments in data privacy in 2018
Article Synopsis:
However you measure it, 2018 was a big year for data privacy regulation. The European Union’s General Data Privacy Regulation (GDPR) came into effect on May 25 and established the most rigorous data protection regime to date.
GDPR imposes many restrictions on the use of individual personal data and carries considerable weight. Even if a company has relatively little exposure to the EU, it is expected to toe the line.
GDPR will have considerable influence on the development of the insurance industry that is subject to this regime – and others, such as California’s, that choose to adopt a similar framework.
The rights of consumers
Data collection and usage is core to the global insurance industry in order to design, underwrite and distribute insurance products and services to consumers. Any restrictions on the retention, maintenance and processing of personal data could have a major impact on operational practices.
Perhaps of greatest significance are the enhanced rights individuals have, in particular those that make it easier for individuals to claim compensation for any violations. This means organisations complying with GDPR must put in place far broader compliance practices than ever before.
Organisations can still be subject to GDPR if they process personal data of individuals who are in the European Union where the processing activities are related, even if they are not established in those regions. They must also demonstrate to authorities and data subjects that they have complied with the relevant provisions of the regulation.
Last year saw the State of California enact the California Consumer Privacy Act (CCPA), which follows the general themes of GDPR and will come into effect on January 1, 2020.
Multinational groups had already made GDPR a top priority, but they now face the potential for GDPR values to be enshrined not only in California but also in federal legislation quite separately from the California act.
The CCPA, like GDPR, imposes a number of restrictions on organisations beyond the physical borders of California, including any organisation that controls personal data and does business within the state related to the personal data of California residents.
General principles of what constitutes lawful processing of personal data have yet to be issued by California and it is thought the regulatory authorities, including the Attorney General, may issue guidance to cover this.
Make sure you measure up
GDPR is likely to become the yardstick by which corporate governance concerning personal data – particularly for the insurance industry – is measured. If regulations similar to GDPR and CCPA are implemented more widely, consumers may become more aware of their rights and concede access to personal data to those businesses which are covered by regulation above those that are not. This offers an opportunity for insurance, but still requires not only a complete overhaul of the way insurers process data but also a better understanding of how and why they do it.
Time will tell whether GDPR has a broader influence than the EU, but insurers must remain vigilant of how the industry – and the regulatory environment – is changing its sensitivity towards the safeguarding of personal data.
It is essential the insurance industry engages with legislators and regulators to ensure its voice is heard in the shaping of future legislative and regulatory initiatives.
Digital Insurer's Comments
Data has fast become a hot potato within insurtech. It must not be dismissed as a side issue, but be dealt with now if the industry is to encourage consumers to trust it – and prevent regulators and legislators extending GDPR’s principles even further. For that would undo much of the opportunity that insurtech presents for a modern, digital-first business model.