The General Data Protection Regulation (GDPR): Impact for Insurers

by Nicolas Michellod, June 20, 2017

Abstract

The GDPR was designed to protect and empower all EU citizens’ data privacy and to reshape the way organizations approach data privacy.

Celent has released a new report titled The General Data Protection Regulation (GDPR): Impact for Insurers. The report was written by Nicolas Michellod, a Senior Analyst with Celent’s Insurance practice.

The General Data Protection Regulation was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens’ data privacy, and to reshape the way organizations across the region approach data privacy. The GDPR will come into force in May 2018.

For a majority of insurers, regulation — and more precisely consumer data protection regulation (interpretation, changes, and lack of clarity) — is the major concern when they use consumer personal data that is publicly available on social networks or on other online data sources.

Insurers need to review their ability to comply with all GDPR main principles: fair data processing, data subjects’ consent, accountability, data security, personal data breach reporting, and compliance enforcement.

Celent recommends insurers use a five-step approach starting with the mobilization of relevant resources and then specific actions including the mapping of data processing activities, the integration of systems, allowing connectivity, and fostering data services.

“The territorial scope defined in the GDPR is vast, and we can wonder whether monitoring compliance of all companies subject to the regulation will be feasible,” commented Michellod.

“The GDPR principles have direct consequences on how insurers inform their customers on the use of their data and how they manipulate it,” he added.

Celent is a research and advisory firm dedicated to helping financial institutions formulate comprehensive business and technology strategies. Celent publishes reports identifying trends and best practices in financial services technology and conducts consulting engagements for financial institutions looking to use technology to enhance existing business processes or launch new business strategies. With a team of internationally based analysts, Celent is uniquely positioned to offer strategic advice and market insights on a global basis. Celent is a member of the Oliver Wyman Group, which is a wholly-owned operating unit of Marsh & McLennan Companies [NYSE: MMC].

Media Contacts

North America
Michele Pace
mpace@celent.com
Tel: +1 212 345 1366

Europe (London)
Chris Williams
cwilliams@celent.com
Tel: +44 (0)782 448 3336

Asia (Tokyo)
Yumi Nagaoka
ynagaoka@celent.com
Tel: +81 3 3500 3023

Table of Contents

Executive Summary
  Key Research Questions
Introduction
  The Regulation Factor in Insurance
  The Need for Data Protection Regulation
  Objectives of this Report
Defining the General Data Protection Regulation
  Defining the GDPR
  Geographic Scope
  Other Key Definitions
GDPR Main Principles
  Fair Data Processing
  Lawful Ground for Processing
  Accountability
  Data Security
  Personal Data Breach Reporting
  Enforcement
Impacts for Insurers
Recommendations
Leveraging Celent’s Expertise
  Support for Financial Institutions
  Support for Vendors
Related Celent Research
