GDPR: is it the next PPI?

 The advent of the General Data Protection Regulation (GDPR) has the capacity to create chaos through the insurance industry supply chain on the scale of PPI, according to a leading tech company serving the insurance industry. Neil Wilks, Head of Technology at Auger - a leading independent specialist for drainage and water mains claims - said those companies or individuals who suspect insurance companies may be storing or processing data illegally will almost certainly be encouraged to pursue a claim much in the same way as PPI claims mushroomed. He said: “The additional issue here for insurers is the approved supplier’s delivery model.

Although many insurers and adjusters will look at the governance surrounding sub-contractors, they also need to consider the implications of the data security of smaller local or regional suppliers employed by the main contractor (known as sub-processors) further down the line who may not have the same processes in place. “For the insurance industry, GDPR is a big shake-up, and will cause significant disruption to how insurers store, manage and process personal data. They could find themselves on the wrong end of various legal scenarios if they don’t put their house in order. “They will face claims cases that are genuine where there has been negligence and damaging effects of misuse of company or an individual’s data, and there will also be the no-win no-fee scenario. The ‘ambulance chasers’ will want to maximise it just as many have done with PPI. “As insurance companies often both control and process data they need to be fully prepared for the new rules to come into effect.” The most senior management at board level will be held accountable for any failures to implement GDPR and the Information Commissioner’s Office will be able to take action against organisations and individuals that collect, use and keep personal information. Customers will be entitled to ask insurers to delete their personal data where it is no longer required for its original purpose, or where they have withdrawn their consent.

Under the GDPR, insurance customers can request for their personal data to be transferred to a competitor. If there is a data breach for whatever reason, the legislation allows 72 hours to report it. Fines for non-compliance of the GDPR could be up to four per cent of total annual turnover. ENDS.