Auger is calling for increased vigilance over GDPR policies across the industry, almost a year after the regulation's introduction.
Neil Wilks, Head of Tech for Auger, said: “Customer data should be fully protected, but the ability to comply with some of the more basic principles of GDPR is often compromised by legacy systems.
“These systems churn out one-size-fits-all instructions which often contain far more information than the recipient requires.
“At a high level there is a strong commitment driven by Information Security compliance to build sophisticated IT infrastructures and systems which have the appropriate defence mechanisms to minimise the risk of data breaches and to ensure that we as supply partners are held to high standards in this regard.
“In our experience it falls down at an operational level where claims and supply chain managers focus on doing whatever they can to encourage their teams to use self-service tools often at the expense of unwittingly relaxing security requirements for logging into these systems.
“We’re all about delivering frictionless experiences for everyone involved in the claims process but an unintentionally relaxed approach to password complexity and access results in unnecessary risk.
“There are times when you have no choice but to hold firm and balance the user experience in the name of security and maintaining GDPR compliance.
“We should be looking to work together to look at secure authentication methods such as SSO (single sign-on) to reduce friction whilst maintaining high standards of security. The challenge as ever is likely to be an insurer’s ability to adopt new and emerging technology such as SAML with their legacy systems.”
Wilks also said there has been evidence over the last year of a drive in the industry to consolidate supply chains, reducing risk, since a breach is more likely where there are many links in the chain.
Auger is one supplier operating a direct labour model across the UK, which can only help to reduce data breaches, he added.
He said more hand-offs mean more dilution, reduced control and a loss of the ability to adequately audit all links in the chain.