The 9 GDPR checkpoints according InsuranceEurope

24 May 2018 — Daniela GHETU
GDPR is around the corner, InsuranceEurope says, drawing attention to the fact that it is the time for final checks by insurers. The association has publi9shed on its own website an overview of insurers' obligations under the General Data Protection Regulation.

Data processing lies at the heart of the insurance business. Insurers collect and process personal data for several reasons. These include analyzing risks that customers wish to cover, paying claims and benefits, and detecting and preventing fraud. The new European data protection regulatory framework - the General Data Protection Regulation (GDPR) - applies starting tomorrow, 25 May 2018. It introduces new requirements for insurers, provides enhanced rights for individuals, strengthens data authorities' powers and establishes high upper limits for fines in cases of non-compliance. As such, the GDPR will have an impact on both insurers and their customers.

According InsuranceEurope, there are 9 main obligations (LINK LA under GDPR that insurers need to comply to:
  • Lawful processing
  • Keeping consumers informed
  • Responding to consumers exercising their rights
  • Additional safeguards for data processors
  • Data Protection Officer
  • Privacy by design and default
  • Data Protection Impact Assessment
  • International transfers
  • Notification requirements in case of a data breach
Last, but not least, there are the accountability and awareness issues that need attention. Thus, along with complying with the GDPR, insurers must demonstrate their commitment to being compliant. They must implement processes in a way that actively demonstrates their compliance with the GDPR. On the other hand, it is vital for insurers to raise awareness within their company, so that staff involved in data processing activities are well aware of data protection rules. It is important to note that national data protection authorities can impose fines of up to EUR 20 million or 4% of a company's global turnover if it is found to be non-compliant with GDPR rules.

The full Insurance Europe document is available here (

Share |