We have recently called for an improvement in the way the principles of GDPR are implemented across the insurance industry almost a year after its introduction.
Whilst often viewed as complex subject with a number of grey areas, we should not lose sight of the most important point in looking after the data that is provided in good faith by our clients and customers.
Simply put, this is their personal data, they own it and we as data processors and controllers are merely custodians. There was great awareness of GDPR prior to its introduction in May 2018 and there was little excuse for businesses not to have processes in place that were well established and observed before its introduction as a formal policy.
Hand in glove with these policies comes the need to upgrade systems which have the ability to comply with some of the more basic principles of GDPR. One of which is to only share and disclose essential information. In our experience a lot of legacy systems churn out one size fits all documents that often contain far more information than the recipient requires.
Another point of failure can occur at an operational level where claims and supply chain managers focus on doing whatever they can to encourage their teams to use self-service tools and unwittingly relax security requirements for logging into these systems.
There is a balance to be struck between maintaining the principles of data protection whilst at the same time giving the user an easy, seamless experience at the point of applying or purchasing services.
Looking forward, we should be working together in the supply chain to develop secure authentication methods such as single sign on to reduce friction whilst maintaining high standards of security. Where possible, creating shorter supply chains helps to reduce risk but even this relies on all parties adopting secure methods and technologies. Ultimately, we need reliable, secure systems which protect data whilst making the experience relatively simple for our customers.
Head of Technology & Digital