While the insurance industry has always been a firm supporter of the GDPR's objectives, Insurance Europe sets out areas of the Regulation and of the European Data Protection Board (EDPB) guidelines that require further attention. These include:
Investigate innovation - The use of new technologies, such as blockchain technology, artificial intelligence, big data and the internet of things, offer significant opportunities for insurers to expand and improve the products they offer consumers. However, this innovation could be undermined by provisions in the GDPR or in EDPB guidelines because, despite significant efforts, they are not entirely innovation-friendly or fit for a digital age.
Examine the EDPB - The role of the EDPB and the impact of its GDPR guidelines on industries should also be examined. In particular, areas in which the interpretation of the EDPB has gone beyond the text of the Regulation by, for example, creating additional requirements or narrowing the interpretation of a GDPR provision.
Consider consistency - In the interests of consistent, Europe-wide application of the GDPR, certain national GDPR guidelines have created fragmentation in its application and should be reassessed.
It is, however, too early to open the text of the GDPR, as it has only been in application for two years and any changes would create unnecessary costs for the industry, which has already spent significant funds on understanding and applying the Regulation.
Instead, if the GDPR is found not to have achieved its objectives in certain areas, the Commission should consider developing further or different guidance, together with the EDPB where relevant.