With less than 7 months to go to the GDPR deadline of 25th May 2018, we asked insurance companies operating in the Irish market a number of questions about their readiness for GDPR. Most said that they expect to be compliant by the deadline – however, we are seeing the two topics of portability and erasure as areas for concern.
Erasure is about the identification and deletion of what can be a broad customer data set. It’s enough of a challenge to find all the data – deleting it can be complex and risky.
Many insurance companies operating in the Irish market are running a legacy mainframe as the technical ledger, in tandem with more modern underwriting and claims platforms such as CRM and workflow systems. Data deletion can impact data integrity if not approached correctly.
This would appear to be consistent with our survey, where the majority of insurers we surveyed do not have a documented approach to erasing personal data on a customer’s request. The increasing demand for a single view of the customer means that some insurance companies are starting to look at this, but it remains a challenge.
When it comes to portability, it’s all about finding key customer data and providing it in a machine readable format. The issue really is what data to provide – if the definition is broad it can get very complex.
90% of insurers we surveyed have not established what data is in scope for a portability request, while 70% have not defined “machine readable format”. With less than 7 months to go, almost half of insurers we surveyed are still in an Analysis phase, while 4 of 5 have yet to implement any changes required to be compliant.
The time to act is now.
How can EY help?
If you’d like to discuss any aspects of GDPR in more detail, don’t hesitate to get in touch with me or your usual EY contact.