Data discipline: GDPR and what it means for the insurance industry

Close Brothers Premium Finance COO John Willmott

In the May 2018 edition of BIBA's Broker magazine, our Chief Operating Officer, John Willmott, discusses What the General Data Protection Regulation (GDPR) means for the insurance industry.

Read the article on the BIBA Broker website here


Insurance is notably one of the most data rich, highly regulated industry sectors.  It’s therefore understandable that the General Data Protection Regulation (GDPR) compliance deadline has caused more than a ripple in boardrooms across the sector.

GDPR replaces the Data Protection Act and focuses on looking after the privacy and rights of the individual.  It’s based on the premise that consumers or ‘data subjects’ should have knowledge of what data is held about them, how it’s stored and for what purpose it is used.  It signals a huge milestone in data protection law.

Historically, the insurance business has been anchored in data – insurers, brokers and finance partners all steadily amassing market information to help build risk profiles and price premiums appropriately.  The insurance industry will now require a superior appreciation of the data it holds, why it is held and how long it should be held for.  This is no trivial undertaking.

Yet the process of being ‘GDPR ready’ offers some very real advantages to the insurance industry.

Firstly, GDPR has accelerated the need for insurance businesses to closely evaluate their processes for capturing, transmitting, storing and using data, causing companies to ask questions such as “Would aggregating data into one central system provide improved efficiencies?”  “Could we work as effectively with anonymised data?”  “Why do we actually collect this data anyway?”

GDPR has also been a catalyst for re-assessing data systems and cyber security provisions, creating process and operational efficiencies.


The role of the broker

For brokers, the regulation provides an opportunity to further strengthen their place in the insurance supply chain.  Those with a GDPR compliant dataset will retain their critical role in giving consumers the means to make informed choices based on the cover available.

Consumer impact

As insurers enhance their knowledge of consumer risk profiles, for example, using data from telematics on driving behaviour, so too can they adapt insurance cover and prices to reward safe drivers. The possible exemption around special category data for an insurance purpose currently working its way through parliament may of course affect their power to do this.

However, GDPR will require the insurance industry to provide data subjects with all the information on who will handle their personal data upfront; which will be a huge challenge considering the number of organisations involved.

The GDPR provisions around processing sensitive data are also very specific, meaning brokers in the field of health, travel and life insurances will be faced with very complex data handling procedures.


Wider implications

Cyber risk is also a huge threat and those companies switched on to GDPR will consider how they can insure their liability for the data they hold, opening new markets for insurers.

The regulation is not designed to impede business progress or inhibit technological or Big Data developments; the industry just needs to work on its partnerships with the consumer.


Leverage the advantages

GDPR creates a discipline for organising data efficiently and securely, whilst making everyone less susceptible to cyber-attack.  So, with data analytics the lifeblood of our industry, the focus is now on cost-effective implementation, and maximising the business and end-user advantages that GDPR brings.