The GDPR “Answer” for Insurers

Insurers will be able to adjust their organisations for EU General Data Protection Regulation (GDPR) compliance in one of two ways. One way is for companies to use in-house or outsourced IT professionals to adapt the current systems for compliance. This is not a quick fix and could easily cost large organisations millions, with poor likelihood for success.

The better way is to take the same budget required for an in-house fix (it may actually end up being cheaper!) and spend it instead on a new, advanced system, pre-designed to comply with GDPR requirements. Beyond getting compliance features built-in, the system can also offer enhanced rich functionality that can work to enrich insurers business model by touching almost every aspect of their business.

Insurers require a good digital suite coupled and pre-integrated with a modern policy administration system (PAS) to survive and thrive in today’s ultra-competitive market. Regulators are making increasing demands on European insurers to fall in line with tougher rules, while customers demand a vastly improved user experience within a digital framework.

GDPR Compliance via a Modern PAS

A modern policy administration system (PAS) will help European insurers easily and fully comply with GDPR. Take, for example, the Sapiens IDIT PAS for general insurers and the Sapiens ALIS PAS for life and pensions providers (Sapiens also offers a Closed Books consolidation platform for legacy). Both are GDPR-compliant, offering functionality in all areas mandated by the regulator:

  • Consent Management
    • Capture of consent and consent withdrawal, with full audit, including ‘requested by’
    • Multiple consent types (fully configurable)
    • Consent management framework part of core
    • Workflow/business rules-driven
  • Data Definition
    • Providing data attribute configuration of
      • Classification of ‘personal’ data
      • Classification of ‘sensitive’ data
      • Configuration of ‘masked’ data (with selection of required masking format)
  • Data Control
    • Data control mechanism provides flexible capabilities for data access/restrictions, validations and rules
    • Data control manages the segregated/restricted access on different levels – field, document type, entity or module of the system
  • Monitor
    • Users & Roles management – the log will record a history of user’s lifecycle: user creation/deactivation, adding/removing role/privileges to user, adding/removing privilege to role. Also, the same log will depict user log in/log out, unsuccessful attempts to login and unsuccessful attempts to perform restriction actions
    • User actions – the log will include all events, including events of actions that creates/changes personal data, amendment initiators and reasons
  • Anonymisation
    • Right of individual to be forgotten
    • One directional logical anonymisation of personal data
    • Workflow/business rules-driven

Single Point of Responsibility

Selecting a digital insurance suite that is fully integrated with a PAS means that insurers only need to communicate with a single vendor. It is like working with one general contractor to run a construction project, as opposed to managing scores of different specialised experts and trying to coordinate between them. A single vendor has all the knowledge, positioning it to provide powerful implementation capabilities and quality support services going forward.

Business Intelligence

Once they have consent to use customer data, insurers will be able to cross-sell using Business Intelligence (BI)/advanced analytics. An effective BI solution will offer European insurers a fully integrated analytics platform with multiple visualisation options on a single and fully integrated data model. It can enable insurers to easily draw business conclusions and insights from raw data, via self-service analytics, while at the same time adjusting the data discovery processes to comply with constantly changing regulations.

An effective BI solution will also enable insurers to determine which customer data is ‘personal’ and prevent money laundering/fraud attempts.

To learn more, please check out my white paper: Preparing for GDPR: Challenges and Opportunities for Insurers.

Share this blog post
Share Button

Richard Walker

Richard Walker is head of the insurance practice at Sapiens. He possesses extensive expertise in insurance technology, specifically in the property and casualty/general insurance and life and pensions markets. Richard collaborates with insurers to help them operate more efficiently, increase revenues and prepare for the future.

More Posts