General Insurance Article - Reinsurance procrastination concerning GDPR


The General Data Protection Regulation (GDPR) becomes enforceable from May 25th, 2018. The potential fines that can be levied under GDPR are large. At their extreme they can be as great as €20m or 4% of global revenue, whichever is the greater, and it is the percentage figure that makes this important to companies of all sizes. The (re)insurance market may, however, be failing to address the challenges brought about by GDPR. According to Fifth Step CEO Darren Wray, there are a number of causes of those failures.

 Wray said: “The first driver of likely non-GDPR compliance is procrastination. In some cases this is a result of not recognising the scale of the GDPR programmes, which did not make the progress they needed to in 2017. My observations are further borne out by a recent survey by the law firm Paul Hastings, in which they find that only 39% of UK and 47% of US firms have an established GDPR programme.”

 Other failures include:
 Delusion - Many insurance carriers and brokers that have implemented GDPR programmes believe that they don’t have too much to do because they’re compliant with the EU data protection directive (the Data Protection Act in the UK). This is a false assumption for many insurance businesses as their processes and systems have all changed significantly since most firms last looked at data privacy. As a result, their GDPR programmes need to have a larger scope than was initially assumed.

 Under-investment - According to the Paul Hastings survey, only 10% of UK companies have allocated a budget for GDPR compliance.
 Wray says: “In my experience, the number of insurance firms allocating a budget is higher than 10%, however, these budgets are not always based on correct assumptions therefore the project teams are likely to be asking for additional investment, or changing the scope to meet the budget. This often isn’t the best approach for compliance projects.

 Some (re)insurers are also falling into the trap of thinking that GDPR is a “one and done” project (this is why some firms didn’t maintain their DPD compliance as tightly as they should have). For the GDPR some firms will require a data protection officer (in some cases they may need to be a full-time position but others might look at a DPO service offered by specialist third party contractors). This means that GDPR is likely to feature on most organisations’ budgets in some form going forward.”

 Wray concludes: “Having the right resources in your GDPR programme can make a massive difference, either to supplement existing internal resources or playing a larger role. Indeed, having resources with access to the right experience right now could be the difference between a successful programme and one that is still running in January 2020.”
  
