GDPR in need of an effective digital strategy
Authored by: Washina Nizak - Associate Consultant, Business and Management Consultancy
By now GDPR is a well-known abbreviation within the insurance industry; typing it into Google shows about 5,640,000 results. This regulation will affect every organisation that processes EU residents’ personally identifiable information, no matter where it is based. The General Data Protection Regulation (GDPR), which will go into effect in May 2018, aims for more control of an immense data-driven economy. But this regulation is also a strong push for operational reform, by simplifying and de-cluttering the data landscape. Firms can become well-prepared for data protection regulation by leveraging innovative tools for their data compliance needs. While firms may worry about the consequences associated with GDPR non-compliance, the regulation can be viewed positively as an opportunity for firms to improve their business processes.
The risks and impact
GDPR regulates organisations across different departments, whether it is information security, HR, vendor management, marketing, or product development and accounting.
Currently, companies that gather immense amounts of data are free to do what they want with it, resulting in a lack of data controls. Data is stored externally, and it involves multiple operators (integrators, processors and sub-processors). There is a risk for these actors of data leaks, which can be accidental (bugs) but also intentional (criminal hacking). There is confusion of roles, for both the access to and the use of the data. In a data-driven economy, outsourced data centers, employee monitoring, and client/human resources data are centralized at the headquarters, and cloud computing requires access to the data.
It is likely that an insurance company stores client information and insurance data for more than thirty years. Costs for storage and maintenance of this data are high, while a significant part of the data has little value. Issues may also arise when HR departments locally save data concerning confidential information about employees, medical information shared in internal communication, or customer information that is analysed for marketing purposes. Employees using different personal and corporate services and devices makes it more complex to become compliant with strict data governance regulation. These are all examples of the risks that exist when data is not regulated and organizations are not aware of how to treat their data.