FIAR 2018: GDPR Workshop: GDPR should be seen as an opportunity for optimizing our business, not as a threat

15 May 2018 — Vlad BOLDIJAR
Are the insurers and the brokers ready for the GDPR challenge? What effects will GDPR have on the Romanian insurance industry and on consumers? What are the main issues in implementing GDPR? These were just a few of the topics debated during the GDPR Workshop taking place at FIAR 2018.

CristianJura_7009350Cristian JURA - University Professor & State Secretary
  • The final GDPR countdown began: there are less than 10 days left until the implementation of the directive;
  • 25 May is the beginning of a new travel. Nobody knows how the implementation should look. We have a legislation, but nobody is 100% sure about the way this legislation should be applied.
  • Romanians are, in general dissatisfied. Whenever they are dissatisfied, Romanians make complaints. We now have a new institution where complaints can be made. Thus, the implementation of GDPR becomes even more important.
GerkeWitteveen_7009340Gerke WITTEVEEN - Vicepresident, UNSAR & CFO, NN Asigurari de Viata
  • Consumers do not know what GDPR is, exactly, they don't realise that this new legislation is for their benefit.
  • Any law that must be implemented brings new challenges, not only GDPR.
  • GDPR in the insurance domain is very important - because we, as insurers, work with our clients' data. The clients' data are in the center of our activity..
  • GDPR is a legislation fit to the new digital world - GDPR cannot exist without digitalization.
  • All the bureaucracy built around GDPR helps neither the consumer, nor the insurance industry.
  • GDPR means that any client must, in any moment, know what happens to his/ her personal data. This is the essence of GDPR - clients have the right to know what happens with their data once they gave them.
  • GDPR brings a novelty: the right to be forgotten.
  • The new legislation is built with the consumer in mind: we, the insurers, must increase the client's trust in the industry and GDPR helps us do this.
  • Insurance is not one of the most trusty domains, so GDPR will help increase the customers' trust in insurance. By protecting the clients' interests, we build their trust.
  • There is the risk that the client feels more burdened by documents, instead of more protected - but we don't want to scare the client away. If we don't respect the requirements and we burden the client, we can lose him/ her. This is the real challenge of GDPR.
IoanDumitrascu_7009310Ioan DUMITRASCU - Partner, PeliFilip
  • The GDPR legislation brings very high sanctions. The sanctions cost more than the conformation costs.
  • Unlike current legislation, GDPR also requires an impact study - the evaluation of the impact on data protection (DPIA - Data protection impact assessments).
  • The GDPR mandates a DPIA be conducted where data processing "is likely to result in a high risk to the rights and freedoms of natural persons".
  • In insurance, an impact study would be necessary: it should have been made before 25 May, but it does not seem to have been a priority for the industry.
  • We are waiting for the authorities' clarifications regarding the DPIA, because the legislation mentions that it will be specified when DPIA should be optional and when it is mandatory.
  • There are companies which haven't even thought about conducting a DPIA.
  • DPIA is a continuous process and it is conducted after a preliminary analysis which shows whether it should be conducted.
DanMihai_7009394Dan MIHAI - Partner, Jinaru, Mihai & Notingher, Law Offices &Tax Advisors
  • According to our analyses, the GDPR conformation level in many industries in Romania is rather good.
  • Also, according to our analyses, the same thing is true when it comes to the transparency of communicated information.
  • The most sensitive subject remains the protection and safe storage of data: old systems, vulnerable to all sorts of information leakage. Many companies don;t know how to protect their data. Many companies don't know for how long should data be kept - this is a critical aspect.
  • The reasons for which companies are implementing GDPR: the fear of sanctions, the requirements coming from their international groups, or the requests coming from their partners.
  • The three reasons mentioned above also indicate how the companies apply GDPR. In most cases, companies take the "Compliance driven approach", meaning "we need to implement GDPR in order not to get sanctions". However, the companies which apply the "Business driven approach" have much to gain, because GDPR is an opportunity for companies to revise and improve certain processes.
  • Although inspections from authorities are to be expected, the biggest risk comes from consumers, who will band together and will make collective complaints to various commercial companies.
TudorGalos_7009410Tudor GALOS - Senior Digital Transformation Consultant
  • GDPR can be seen as an opportunity, not as a threat.
  • Everybody only sees the sanctions: GDPR can also help optimizing the business.
  • It is mandatory for companies to secure their data infrastructure.
  • Personal data means any data that makes a person identifiable: a CASCO policy number makes a person identifiable, which means it is personal dataa, the online behaviour of a person is personal data, the car number is personal data.

MariaBoghian_7009438Maria BOGHIAN - Senior Consultant, ASIS Software International
  • GDPR is an opportunity and it will make our lives easier.
  • GDPR helps us reanalyze and reorganize our business, making it simpler.
  • We will have bigger storage spaces and our data willbe better protected. GDPR will help us "sleep more peacefully".

Share |