“Commentaries on GDPR abound but we thought this one particularly sensible and useful for the insurance industry. We are therefore pleased to share with you”

GDPR and the Insurance Industry
Read the full article by Per Gogstad of Noria here
Data protection laws have always been important. When the GDPR comes into effect, they become critical. Some organisations are prepared for the regulatory changes; many are lagging behind. Either way, no one escapes them. Here is what your insurance company should do to prepare for the new EU regulation.
The General Data Protection Regulation (GDPR) comes into effect on May 25, 2018. Standing as a milestone within data protection legislation, GDPR intends to strengthen and unify data protection for all individuals living within the EU and bring data protection into line with the data-driven era we’re entering.
For many, however, the GDPR is looked upon with concern. Unfortunately, the discourse surrounding the GDPR has focused on the negatives of the legislation, failing to identify and highlight the manifold positives that follow in its wake. So let's flip the coin and shift our focus to the value the GDPR may generate for the insurance industry and the steps you can take to become compliant.


In short, there are two key drivers behind the development of the GDPR. On the one hand, the radical digitalisation of everyday life has created a growing need to give people more control over how their data is collected and stored, as our digital footprints multiply and our electronic trail grows ever longer.
At first glance, stricter regulation may seem constrictive for the insurance industry. After all, widespread access to a variety of data has enabled insurers to improve their understanding of their customers and to refine their risk modelling and management. However, new regulatory demands on the processing and management of data may well be a good thing for insurers.
According to a global survey by the accountancy firm Ernst & Young, insurance companies generally rank low in trustworthiness. This makes the GDPR a welcome opportunity to build a healthier relationship and earn customer trust through greater transparency. For instance, becoming compliant with the GDPR can help insurance companies demonstrate to customers the advantages of sharing data from IoT devices with their insurers in return for value-added services.
On the other hand, the GDPR is meant to give businesses a simple, clear-cut legal environment in which to operate by standardising data protection law across the EU. This too is a good thing, especially if we accept the EU's estimate that standardised data protection laws will save businesses a collective €2.3 billion a year.


Rather than being based on strict rules, the GDPR is based on principles. The Norwegian Data Protection Authority has summarised these guiding principles in seven points:

The consequences of non-compliance are severe. Insurers who fail to meet the requirements risk administrative fines of up to four percent of their total worldwide annual turnover or €20 million, whichever is higher.


Several insurance companies are already taking the necessary steps to become compliant. In a recent PwC survey of C-suite executives at larger American multinationals on GDPR preparedness, over half of US multinationals said the GDPR is their top data-protection priority. Becoming compliant is also a costly affair: 77 percent plan to spend $1 million or more on the GDPR.
As the GDPR is based on principles rather than rules, the process of becoming compliant is somewhat uncertain. However, if you follow this advice you should be well prepared for the new legislation:

Compliance isn't a choice, it's an obligation. But this obligation may prove positive for the insurance industry in general and for individual insurance companies in particular. Forward-thinking insurers should embrace the opportunities inherent in the GDPR, act fast and prepare to become compliant now.