A GDPR Implementation Guide for the Insurance Industry

Xenofon Liapakis (Interamerican, Athens, Greece)
Copyright: © 2018 | Pages: 11
DOI: 10.4018/IJRQEH.2018100103


Data protection has always been an issue of concern for businesses across the globe. Laws addressing the Universal Statement for Human Rights were set as early as 1948 and, as the years go by, growing awareness further strengthens legislative action. Through his work at Interamerican insurance company, the author shows that alignment with legislation, though perceived as a resource-intensive, counter-productive process, may be turned into an opportunity for fine-tuning and promoting the operations of a company, and for raising trust in IT.

The Need for GDPR in the Insurance Sector

GDPR has been discussed widely in the recent literature through different approaches, due to the nature of its content. Some reports have focused only on ethics, others on legal or technical points of view, without presenting the effect of combining all these sides in the real business world. The combined view is of considerable importance for the insurance sector, as it needs to address all these challenges. Insurance seems to be the sector most exposed in dealing with personal and sensitive data (European Commission, 2012), not just for its existing customers but also for the data of potential customers.

The new regulation establishes a set of rules regarding individual rights, such as those for insurers, employees and customers, by defining the responsibilities and obligations of the data controllers, as well as the shared responsibility of the data processors (either internal or external) who have been chosen to process data on behalf of the controllers.

The insurance sector is especially exposed to the risks described by GDPR, since all insurance companies collect, maintain and store both private and special category data (previously known as sensitive data), not only for serving their customers but also for the potential gain this data can return to the company. For example, it is common practice for insurance companies and their business partners to exchange their customers' personal data, even as regularly as on a daily basis. An insurer may exchange data with hospitals, car garages, claims management companies, fraud detection services, sales networks such as agencies and brokers, external contact centers for road assistance or legal protection, e-shops for marketing activities, etc. From now on, for all such partnerships, the partners' GDPR "maturity level" will be a deciding factor for continuing with the partnership. If the partner is not evaluated as mature, the insurance company is expected to terminate the collaboration and look for new partnerships that meet the requirements. Such scenarios are reliable indicators that GDPR certification is expected to be established very soon.

The regulation strengthens privacy protection by adding extra categories such as genetic data, biometric data, sexual orientation, political opinions, religious beliefs, geolocation data, IP addresses, social media URLs, etc.; these are classified as personal or special data categories (previously known as "sensitive") (Wikipedia, 2018a).
