Weekly Wrapup: Insurers brace for impact of GDPR

Register now

The Weekly Wrapup is an analysis of the week's insurance tech news from the editors of Digital Insurance.

By the time this article is published, the General Data Protection Regulation will be in effect across the European Union. The new legislation has several specifics, outlined by PwC in the linked document. These include new regulations around data breach reporting and privacy.

But for insurers, the most transformative impact could be that ownership of personal data is being transferred to the customer. That means that carriers' data "assets" are now essentially "on loan," and a customer can request their data be given to a competitor -- or stricken from the record.

Practically, this has wide-ranging impact on insurance carriers operating in the EU. In the U.S., Novarica's Mitch Wein writes that there is still "some debate" over whether GDPR regulations apply to non-EU citizens physically in the EU, or EU citizens outside the EU. But for multinational insurers, the debate is moot: If you are trying to do business in Europe, GDPR applies on some level.

The data-portability requirements put significant pressure on insurance companies, KPMG writes. Policyholders have a right to request their information be made available in a way that can be easily read or consumed by another party. That, of course, can go both ways: Insurers will gain and lose customers from each other. But there is some concern that carriers will have to install new systems to transfer data, but that data may be of limited use in the end.

"Not only do insurers have to implement processes to enable them to provide personal data to data subjects and competitors in the correct format within the imposed timelines, they also must have processes in place to receive personal data from competitors," the consultancy says. "Many insurers are of the impression that without a standardised template detailing what information should be shared it will be very difficult to attach any commercial purpose to the data received from competitors."

One group of companies, however, stands to benefit greatly from portability requirements: The insurtechs. No longer will incumbents have a monopoly on data in the EU, says Oliver Wyman's Kaijia Gu.

"This is great news to new entrants, especially to ambitious and nimble insurtech startups, for which data previously was difficult and expensive to acquire," she says. "The innovative business models of the future will no doubt combine profound data insights with seamless user experience, smart recommendation and advisory capabilities empowered by artificial intelligence, and other value-added services."

In fact, Gu continues, customers' ability to transport their data from company to company could lead to increased churn for European carriers.

"Given the explicit consents required to use and share data, consumers will increasingly realize that their data holds a lot of worth. They will be looking to get more value from sharing their data, be it exceptional service and experiences, personalized products and offers or discounted products and services," she writes.

For reprint and licensing requests for this article, click here.
GDPR Data privacy Data privacy rules Big data Data security