There is, understandably, considerable anxiety among many insurers and reinsurers in the European Union in the lead up to the implementation of the General Data Protection Regulation (GDPR). GDPR is a large-scale, complex, and costly undertaking for companies looking to record and store customer data in a compliant manner and gain the consent of EU citizens around how their information will be used.
One particular area of concern is what companies should do with so-called “dark data.” Dark data refers to a wide range of information such as marital status, nationality, and mobile phone numbers insurers may have collected during the policy application process.
Information is the lifeblood of insurance companies and they rightly acknowledge that dark data, which has been collected over many decades, has deep value — and in the hands of actuaries and underwriters, it can help insurers improve pricing accuracy and personalize service delivery.
With the implementation date for GDPR fast approaching, the way insurers treat dark data will largely depend on organizational culture. Companies that see GDPR as an IT, human resource, or administrative responsibility, may view the regulations as a burden, and decide to delete large swathes of dark data to achieve compliance. However, insurers with a sophisticated understanding of privacy laws and a company-wide analytics-driven culture will see GDPR and dark data as an opportunity to streamline the way they run their businesses.
Rather than embarking on wholesale dumping of large sections of their data assets — which can have deep intrinsic value — insurers can sanitize the information to ensure GDPR compliance. Technology can play an important role in finding this dark data, categorizing and anonymizing it, and storing it in an appropriate and secure location where it can be analyzed and interpreted by business teams. The benefits to both insurers and their policyholders are evident. For insurers, in the areas of greater productivity, and for their clients, in potentially reduced premium costs. Moreover, the purchase and renewal of policies will become easier owing to digital enablement, policyholder services will be more responsive and effective, and predictive tools will help bolster management decision-making.
Harnessing those benefits will require businesses to be culturally and technically aware of what can and cannot be done with data while adhering to all data privacy regulations. GDPR must not be looked at as a massive bureaucratic and IT nightmare but should be leveraged as a significant opportunity to holistically improve business processes across the organization.
Unfortunately, only a small minority of insurers and other businesses are looking at the potential upsides of GDPR. With the right approach and strategic plan, and with expert support and guidance, GDPR has the potential to deliver significant business improvements for insurers and their clients.
Marek Kaszczyc is vice president, head of Poland operations at Xceedance.