How can insurance companies ensure compliance one year on?

Mohit Manchanda, Head of Consulting UK and Europe, and Prakhar Agrawal, Practice Director – Privacy & Risk Consulting at EXL

01.11.2019 10:30 am

The much-anticipated data privacy regulation GDPR hit businesses back in 2018, and ever since there has been constant growth in the number of data breaches reported and, at the same time, an increase in customer complaints. The magnitude of recent intended fines on large multinational corporations, such as British Airways’ colossal £183 million fine after half a million customers had their data stolen,[1] has highlighted just how critical GDPR compliance is for businesses.

The UK’s regulatory body – the Information Commissioner’s Office (ICO) – advises companies to focus the second year of the regulation on three main areas: moving beyond just baseline compliance, having a clear and evidenced understanding of privacy risks, alongside an ability to demonstrate strong accountability. In essence, businesses must move from treating the regulation as a mere tick-box exercise towards a more sustainable, long-term approach. In particular for the insurance industry, having the flexibility to customise the GDPR compliance toolkit in alignment with the changing industry needs is essential.

In order for insurance firms to keep pace with and make the most of this transition, firms would see the most value in partnering with an organisation which already has deep domain expertise, understanding and experience of covering all the issues associated with data privacy. The main focus points can be split into four areas: privacy risk monitoring and assurance, record retention and destruction, data-driven privacy compliance, and finally third-party risk management.

Privacy risk monitoring and assurance

Insurance players must now proactively demonstrate compliance, moving beyond the minimum to producing evidence of a future roadmap. The ability to perform holistic monitoring across an array of other applicable privacy laws globally as well as generate measurable privacy risk insights would enable more effective decision making whilst meeting the reporting requirements of their board and clients.

Integrating a bespoke monitoring system that addresses a business’ exact needs and challenges is the most effective way of achieving privacy risk monitoring and assurance, with a global best-practice privacy risk monitoring and assessment framework. Using a sustainable and scalable model for compliance self-assessments also adds a layer of strong accountability, governance and quality assurance. Insurance firms should also be taking advantage of the efficiencies afforded by cutting-edge technology; automating the assessment evaluation and tracking processes will deliver real-time risk insights.

Record retention and destruction

Achieving GDPR compliance can and should be utilised as a catalyst for digital transformation. Studies indicate that a huge 40% of data breaches are attributed to paper records, and considering the average cost of a data breach is $6.3 million, with an average customer churn rate of 6.4% as a consequence, the stakes have never been higher. Retaining unnecessary, historic physical records is not only expensive and inefficient, but is in contravention of GDPR.

The many thousands of boxes and millions of papers dispersed in different storage sites with limited inventory, as well as the complex data retention rules that govern their legality, make them highly undesirable. Partnering with an organisation with the ability to first provide pickup and extensive records cataloguing, and secondly to analyse records for personal data and subsequently classify out-of-policy records would be hugely valuable. Afterwards, firms should focus on digitising and indexing the content, destroying the leftovers – all while keeping on a system of ongoing maintenance.

Data-driven privacy compliance

Firms must look to unleash the value of unstructured data in order to meet sustainable privacy maturity and achieve GDPR compliance. The organisations with a firm understanding of the personal data landscape will go the furthest. However, with a staggering 70% of data residing in unstructured form, it is an extremely complex task. Key challenges include finding the right solution that employs new age techniques of identifying and associating data to individual identities, and adopting a sustainable framework for operational compliance.

An ideal solution would start by deploying the right technology to scan the data estate and automatically build and maintain data flow maps. The next step is a policy impact analysis to flag and alert on non-conformances. Finally, a risk-based approach to policy enforcement should be deployed, with data treatment and remediation options such as deletion, anonymisation, securing and archival. This will not only reduce data exposure but also enable timely fulfilment of customer data requests.

Third-party risk management

Another decisive issue to be aware of is managing the risks that third parties pose, and determining whether they add value or weaken the outlook for GDPR compliance. As much as 60% of all data breaches can be directly or indirectly linked to a vulnerability in an organisation’s supply chain. Furthermore, insurance companies have a complex network of third parties and are required to undertake multi-faceted due diligence at various junctures. Despite this, a large number of companies still make use of multiple spreadsheets and ad hoc processes to manage their third parties. Instead, a holistic solution should be applied: one that not only offers a centralised view of all third parties and associated data but also introduces a standardised methodology and a scalable framework to streamline risk assessment, leveraging deep automation. The solution should also enable rich insights and risk intelligence to enhance decision making and help demonstrate compliance with regulations such as GDPR, all while making it easy for the supply chain to ensure long-term operational success.

Organisations should start with a short assessment blueprint to evaluate the maturity of their as-is third-party risk management processes and look to design an execution roadmap bespoke to specific business needs. Having a trusted partner to fully manage this transformation in the third-party risk management space would greatly alleviate the pain points and allow you to focus on the outcomes.

