Will Your Business Be Legal In 2018?
It is now under a year until the implementation of the General Data Protection Regulation (GDPR), meaning the boat is being rocked for insurance companies.
As you may already know, it’s vital that companies keep records of everything: every little change and customer interaction. When GDPR kicks in, it is essentially replacing the Data Protection Act, which is becoming outdated. There will be new rules around customer consent, data portability, profiling and the customer’s consent to have their information erased from systems. All of this is set to be activated from May 25 2018 and the key thing is that we can keep operating smoothly over the transition.
GDPR has come about to give more transparency to customers when it comes to their private details. Admiral came under fire after their intrusive attempt to work out car insurance quotes based on Facebook posts. Somehow, Admiral decided they could work out the personality of their clients and set the price accordingly. Facebook put a stop to this bizarre ‘firstcarquote’ product, but it revealed the true threat to customers’ privacy and data protection.
However, look into the Admiral scandal in more depth and it seems Facebook is to blame for selling the permission to access users’ profiles in the first place. There are plenty of blurred lines when it comes to combining social media and personal data protection, and GDPR hopes to make these slightly clearer. It was Facebook who realised Section 3.15 of their platform policy states the site’s data “should not be used to make decisions about eligibility, including whether to approve or reject an application or how much interest to charge on a loan,” so why they were even ‘in conversation’ with Admiral in the first place is baffling.
It’s a slight digression, but the point is that once GDPR comes into force, there will be a strong focus on customer consent when it comes to how their information is used. Rather than just storing sensitive details as soon as someone new registers, companies will have to work a little bit harder to build trust and relationships with clients before they can expect to retain them. The biggest change is under the ‘right to erasure’, which basically means if the customer wants you to alter information that has changed, you have to delete the old information. Equally, they can be removed from the system entirely if they want to be.
The right to erasure also means that people can have outdated or irrelevant information about themselves removed from search engines such as Google. For example, say a director of a company made an alleged legal mistake ten years ago that still pops up when you search for their name on Google: they should be able to get a ‘fresh start’ and have that information erased.
So what does this mean for businesses? It’s all down to being strict with how accurately you record customers’ data and always ensuring that you have their permission to do so. If you’re uncertain of information on a client, it’s safer to rectify it or delete it, depending on the situation. Failure to comply with the new data protection laws could result in a fine of 4% of company turnover, which should be enough motivation to get it right.
On the plus side, the customer trust that you could gain from GDPR far outweighs the negatives. It’s down to you to convince customers that if they provide more information such as previous health problems, they will end up with a more tailored health plan. Other than the man hours needed to re-evaluate customer data including contacting them for their permission to use data, it’s important to remember that in the long run, the customer satisfaction and smoother process will bring us out on top.
What GDPR is looking to do is correct human error, but what it can’t do is protect your business and your clients’ information from random cyber-attacks. If your system is hacked and you have the details of numerous individuals on your database, then you’re likely to be on the receiving end of intense scrutiny, possible lawsuits and general damage to your reputation that is difficult to undo.
To protect not only your business, but those important relationships you’ve built up over the years, contact us today so we can evaluate your risk and prepare a tailored insurance solution for your business.
Call +44 (0) 207 977 1490 or visit us at www.genmedinternational.com