Data Privacy: How It Could Negatively Impact Underwriting

The European Union has recently enacted sweeping guidelines covering data privacy and protection, regulations that are likely to make underwriting more difficult for insurance carriers doing business in Europe.

Data is Affected

The guidelines are likely to affect the quality and density of the data that the carriers gather. The insurance companies are attempting to comply with the regulations by adopting more stringent rules for accessing data. Many also plan to collect only the minimum amount of data needed and focus on collecting anonymous, aggregated data, as opposed to data on individuals. These changes will enable companies to remain in compliance with the regulations, but could reduce the quality of underwriting.

The regulations cover personal data that companies collect. Under the law, companies are also required to report any data breaches within 72 hours. Moreover, companies must be able to give European customers copies of their personal data if requested, as well as deleting it under certain conditions if asked to do so.

If companies fail to comply with any part of the law, they can be fined as much as 4 percent of their annual global revenue.

The new regulations are making data collection much more complex in the processes of data evaluation and gathering, as well as negotiating the legal framework. This complexity and the short reporting timeline are the two biggest challenges companies face in complying with the regulations.

For carriers with a large number of business clients, particularly in retail, the biggest challenges look to be the requirements surrounding individual rights, such as a person’s access rights and the right to be forgotten.

Enforcement Problems

Another potential problem is the way the guidelines are being enforced among the different individual member states of the European Union. This could complicate how data is managed and make the flow of data across national borders more difficult.

One of the major pressure points for companies is the 72-hour data breach reporting requirement. It will take real effort by companies to get themselves in a position to meet this regulation. Companies are seeking help from local government regulators to move into compliance by building on existing data protection infrastructure.

If your company is looking for qualified, reliable insurance professionals, contact Insurance Relief today. We are one of the best in the business, winning Best in Staffing awards for our accomplishments. At Insurance Relief, we thoroughly evaluate each person, so you get only the best.