Raf Sanchez, Beazley International Breach Response Service Manager, comments ahead of the introduction of GDPR on 25 May:
“Regulators and individuals are on the cusp of acquiring enhanced tools to hold organisations to account for poor data privacy practices. The implementation of the GDPR heralds a new era for data protection across the EU which not only creates a new direction of travel for data privacy but also allows regulators, and even individuals, significant new powers to enforce their rights.
“How personal data is used and protected in an increasingly connected world is a huge challenge both for the organisations holding the data and for the individuals to whom the data relates.
“How can the insurance industry help to mitigate these risks going forwards? Cyber insurance will play an important role, but only if it sits alongside a robust data privacy compliance programme, internal risk management planning, software tools and board-level involvement. Time is running out. Organisations that are not prepared for the new regulations, or found to be flouting the new regulation should prepare for a substantial fine.”
Perhaps the most interesting part of the new rules, from an insurer’s point of view, is the text relating to ‘portable data’, such as a no-claims discount or a personal driver history logged via telematics.
In this case the consumer could demand that the driving style record, speed, mileage, locations visited, braking force etc. held by any insurer – or third party – be transferred to a rival, so that more favourable policy terms could be agreed.
It will be interesting to see how these rules are translated into day-to-day activity within the car insurance sector and how mistakes (there are bound to be some) are rectified.