Latest Insurance Posts

Featured Posts

Filter By Categories
Ian Hughes
By
September 28, 2017

GDPR: Legitimate Purpose Is No Excuse For Being Drunk On Data

  gdpr

2-1.png

Imagine waking up in the middle of the night and finding a drunk stranger at your bedroom door. They have staggered into your house in their alcohol-fuelled fog and have decided that your bed looks comfortable.


This is a true story, told in the office this week by a somewhat disconcerted member of our team, while I happened to be thinking about GDPR. It was the unlikeliest of metaphors — but the more I thought about it, the more it made sense.

 

The picture below is taken from my credit file. You can see the number of companies that have pinged my file over the last month.

ians credit file.png

The only insurance related transaction that has happened for me this month is the renewal of my home insurance, which was completed without me shopping around because I forgot. None of these companies insure my home. None of them insure my car.

 

What you are seeing here is the data equivalent of the drunken friend. I don’t know any of these people and yet, multiple times per month they come calling to find something out about me.

 

I don’t know what that something is, and I don’t know why they are doing it. If they came straight out and asked me, I might well tell them — if they made it worth my while.

 

On the 25th May 2018 this will change. Under the General Data Protection (GDPR) legislation it will be illegal to have my personal details on file without my consent. It will even be worse if that information is used for a purpose for which consent hasn’t been obtained.


Legitimate Purpose

The industry has carved out a “legitimate purpose” usage clause which will allow them, in some circumstances, to legitimately store and use data without having to get consent.

 

From what I can see in my own credit file, however, there is no way that all of this activity is legitimate purpose — which means that whatever these companies think they are doing with my data will probably have to stop.

It is entirely possible that I may once have been a customer of these companies, but my permission for them to use my information effectively ended when I ceased being one. None of the provisions of existing consent will stand the scrutiny of the new legislation.

 

Let’s be clear: coming into my bedroom, drunk, in the middle of the night is at least creepy — if not a little scary. Using my data without my consent and without a legal legitimate purpose is also creepy — if not a little scary. Next year it will be down-right illegal.

 

If all of this activity is an active part of an insurers’ business model designed to give it competitive advantage, then they will need to find another way to gain the insight going forward. Our figures show that the cost of replacement to the industry for resoliciting former customers is around £100m. We also found that up to 30% of insurers’ business is generated through the resoliciting of former customers.

 

Here’s another thing that looking at my credit file made me think. Why do these companies need to check my file so often? It’s one thing to come into my bedroom drunk once, by mistake. It’s another thing to do it 3 or 4 times a day, or 2 to 3 times a month. In the real world that person would find themselves in jail at worst, or in therapy at best. The industry needs to get some data therapy before it finds itself breaking the law.

 

How did the real story end? It happened to be a friend of a friend who had visited the house once before, and recognised it as a safe place to crash. At least that’s what they told the police.

 

The party may not be over until May, but it’s already time for the industry to start sobering up. Otherwise it’ll be facing the kind of hangover that movies are made of. 


Download GDPR Delete Day Report

Data is the lifeblood of the modern insurance industry. It influences everything from pricing to claims, and insurers are constantly searching for the right data on the right customers. Without data, the insurance industry just ceases to operate...

Download GDPR Delete Report

 


Subscribe to newsletter

Subscribe