The insurance industry will need to streamline its processes to face the challenge of GDPR when it comes into effect in May.
Neil Wilks, Head of Technology at Auger said GDPR allows for collective enforcement of individuals rights, but is less beneficial for insurers. He went on: “The new GDPR provides a potential avenue for a collective enforcement of rights against giants of industry and tech that would currently be prohibitive for individuals to pursue alone. This is great news for customers but less so for large insurers who may have been able to lever their legal expertise in a typical David versus Goliath scenario. “A data subject, typically the customer, should be engaged in an ongoing manner to ensure their continued consent for a company to process their data as opposed to a ‘smash-and-grab’ where they obtain consent up front when a service provider has more leverage over the customer and then uses that consent to process their data indefinitely.”
Wilks said that from an insurance perspective, processes need to be streamlined and transparent so that all parties comply with any request within a reasonable timescale. As an industry that is often ‘handicapped by legacy and disjointed systems’, he pointed out that a simple request to delete a subject’s data could be time consuming and challenging to ensure all instances of the data are removed.
He added: “This highlights an accepted lack of agility in the industry which makes it ever more vulnerable to innovative disruptors who are not handicapped in this way or perhaps more worryingly giants such as Amazon who are currently circling the industry. They already have the systems and processes in place to handle GDPR with the ease and lack of friction that have made their other services so successful. “With disruptors on the other side of the pond like Lemonade utilising technology and AI to decide the outcome of a claim and paying it in a reported three minutes, the future of insurance would appear to be set to follow in a frictionless fashion. “European counterparts who are subject to GDPR may have no such joy.
Article 22 of GDPR places restrictions based on automated decision-making processes which allow a subject to challenge and request an automated decision be reviewed by a human. "For a customer whose claim is declined their trust in an insurer could be eroded the minute they learn their decision was made by an algorithm and they could be lost altogether should the human then reverse the decision.”