GDPR May Serve as Model for Future Laws

The European Union’s General Data Protection Regulation (GDPR) creates binding obligations for organizations that process personally identifiable information (PII) of EU citizens. US carriers doing business either in the EU or with EU citizens domestically are considered “data controllers” under the GDPR and must understand its provisions and how to comply with them.

The GDPR (in effect since May 25th 2018) gives individuals control over their data by placing strict controls on the processing and movement of EU residents’ personal data, including rules for anonymizing and purging data upon request. The law defines the explicit legal bases for using personal data; requires individualized, explicit consent for any other use; and mandates that companies allow individuals to see, correct, or expunge their data. Carriers should note that the GDPR’s definition of PII is broader than the definitions used in the US and covers almost anything attributable to a person.

Since the GDPR requires an opt-in system, insurance carriers must request, receive, and capture customer consent in a way that is secure and referenceable by all processes that are relevant to customer data rights. Carriers must also capture the duration of this consent, since under the GDPR it can expire. Insurers working in the EU or with EU citizens should also be careful to anonymize personal data.

All carriers, whether they do business in the EU or not, should understand that the GDPR may serve as a model for future laws. The GDPR is a likely indicator of what US regulators may soon require of insurers’ data governance and cybersecurity overall. Fortunately, many prominent providers offer products that can help with data governance and security challenges. These include, but are not limited to, Big ID, Citrix, IRI, Metric Stream, OneTrust, Oracle, Protegrity, Qualys, and Veritas.

For more information about the GDPR and compliance for North American insurers, check out Novarica’s executive brief.

And to learn more about the GDPR’s impact on cybersecurity, check out this blog post.
