Skip to main content
Uncategorised

#GDPR: How Will it Work in Practice for  #Insurance Customers? #generaldataprotectionruling

By 9th January 2017No Comments

Picture

Written by: Chetan Patel, Head of Risk and Compliance, UK and Ireland, Insurance, LexisNexis Risk Solutions


Article care of LexusNexis.

The General Data Protection Regulation (GDPR) will represent the biggest change for a generation in data protection and privacy, and it will apply from 25 May 2018.
GDPR has many positive aspects for individuals, such as the way ‘consent’ must be freely given for use of personal data by affirmative action, and for companies to be more transparent in giving ‘fair notice’ of how personal data will be used.
Balanced against this, it presents some complex problems for companies. As a case in point, the use of personal data for preventing fraud or ID theft (something insurers coordinate very closely together in the interests of genuine consumers) does not typically hinge on consent. There are aspects of legitimate use of data and contractual necessity that don’t fall inside the concept of consumer consent, but they can still comply with GDPR.
In the second part of our blog series on GDPR and its impacts on insurance, I will look at how we’ve been reviewing the regulation in the context of our systems and processes.
Q: How is GDPR likely to work in practice?
A: Some industry observers are predicting there will be a further rise in legal challenges from individuals and groups that promote privacy issues on behalf of consumers, with a rise in awareness.
Through the obligation of transparency, GDPR provides opportunities for the industry to be more open with its consumers, to foster trust, and engage more in how and why their data is processed by us. The positive sum to this is that consumers may, in turn, be more willing to engage with the insurance industry and reduce the inherent mistrust in what has historically been deemed as privacy intrusive technologies and processes such as  profiling.
The ‘fair processing notice’ means that companies must provide transparent information to data subjects. This must be done at the time the personally identifiable information (PII) is obtained. The GDPR steps to ‘fair notice’ go much further than the principles already followed in the current Directive. For example, the information to be given to the consumer is more comprehensive and it includes things like informing them of their rights and the ability to withdraw consent. How this information will be provided in a clear way, within the current insurance sales process (typically an interaction of a few minutes on a website) is still being interpreted and worked upon.
Another change with GDPR is the ‘one stop shop’ clause which puts the onus on the home national regulator to hear and act on any complaints against a company which processes data in their country, and to pursue any legal action required against them.
This was one of the primary features of the new law when it was first proposed by the European Commission. A new legal concept of Lead Supervisory Authorities is being created with GDPR, who together with the Supervisory Authority Concerned are being given new powers to intervene in another country if they feel the Lead regulator is being too lenient.
Personal data, technology and therefore compliance will become increasingly important and they will become an important factor of competitive advantage by the generation of trust.
Q: How will it affect our insurance clients?
A: There are a number of considerations LexisNexis Risk Solutions and our customers need to take into account regarding security standards, consumer disclosure and privacy in advance of the regulation being enforced.
As a leading information and analytics provider, we have a working group examining the complexities and opportunities that are presented by the GDPR and are taking measures to ensure compliance.
We are committed to being a good custodian of consumer data on behalf of our insurance customers. This is not a commitment we take lightly. Our entire business is built on a foundation of being a good custodian of consumer data including upholding the highest standards in privacy, notification and security. We are already aligned to many GDPR measures. For example, we have ISO 27001 certification which is closely aligned to the information security credentials and frameworks contained in GDPR. Our data centre controls are also SSAE-16 certified and internationally we work with the leading public agencies and law enforcement authorities.
The LexisNexis working group is working through several areas addressed in the current regulation: data portability, accountability, compliance, data security standards, consumer disclosure and privacy.
We are assessing at this time how the regulation will affect our internal processes and insurance solutions, leveraging the extensive experience we have in protecting consumer data, ensuring privacy and adhering to high standards of security.
Our breadth of data assets, proprietary LexID linking technology and decades of experience in consumer data management provide LexisNexis Risk Solutions with a superior method for linking records and distilling valuable insights for our customers, working under compliance.
Whilst we don’t anticipate material changes to our solutions or processes, we are always evaluating our products as the industry evolves and making enhancements to bring value to our customers and satisfy regulatory requirements.
Follow the link to the LexisNexis Risk Solutions website to find out more about how we support insurers.

This article is care of LexisNexis risk solutions ,and the original article can be found here.

Tim Kelly

Tim is a highly qualified Independent Engineer with over 20 years experience as an Engineering Assessor of damaged vehicles.

Leave a Reply