
As insurer boardrooms across the country put the final touches to their 2018 plans, it seems odd that some of the things on which they normally rely they can no longer predict.

Insurers — and more specifically their Chief Information Officers (CIOs) — are preparing for next year knowing that they will have to fundamentally change many of their systems, but they don’t actually know what, or how. And it's not their fault.


The issue was brought into sharp relief a couple of weeks ago when it was announced that the Insurance Distribution Directive (IDD), a piece of pan-European regulation to foster competition and customer protection slated for 23rd February 2018, would be delayed. Why? Well, to put it simply, they haven’t made up the rules yet.


The same is true of GDPR. The announcement from the Article 29 Working Party last week at least ticks one thing off the to-do list — in this case, profiling and breach reporting — but it’s a long list.


As CIO, you know you are going to have to re-engineer systems to comply with both the IDD and GDPR, and you also know that there’s this ‘digital revolution’ thing going on that often isn’t being given to you because you are supposed to be doing the heavy lifting.


Indeed, it’s not as though CIOs (or CTOs) don’t already have their hands full. A report earlier in the year from Insurance Nexus laid bare how much insurers across the globe are focusing their staffing on technology-related roles. In Europe, four of the most prominent emerging positions relate to data and information: Chief Information Security Officer, Chief Data Officer, Chief Digital Officer and Chief Analytics Officer. The need for data is also highest in Europe. No surprises there.


In case that all wasn’t enough, there is the small matter of dealing with cost pressures brought about by what seems a permanently tightening market.


That’s why the job of the insurer CIO has to be one of the toughest in the market in 2018: integrate new and expanded teams while changing all systems to account for rules that haven’t yet been devised — and get it all done by a fixed deadline, or an unclear deadline, but one that is definitely coming.


How on earth can you plan for that? How can you budget for that?

Risky Business

One of the core risks that insurers will need to account for is the fact that they might not be able to comply with legislation. It’s not that they don’t want to; they just can’t without changing all of their IT systems at a fundamental level, which will take time they don’t have, come at a cost they haven’t budgeted for, to deal with a risk that they don’t yet know.


Take a simple thing like “the right to be forgotten”. Under GDPR, a consumer has a right to request that the insurer forgets everything that they know about them. The only way to really do this would be to have one single customer database that has all information about all consumers within it. Most (maybe all) insurers don’t have that; instead, most have multiple databases with customer records spread across the organisation, used for different purposes. Few businesses have a map of all of that, and there is rarely a single point of access.


Then there is the fact that not all the systems that have information about your customer are under your control. What if you resell insurance through brokers or partners, can you be sure that they have forgotten the information? Or worse, if they have received a request to be forgotten by a customer, have they passed it on?


No, I wouldn’t want to be an insurer CIO in 2018 for all the tea in China. I think as we collectively prepare for the final run-in to the 2018 budget, we should spare a thought for the CIO, and perhaps leave a little bit of slack in there for “legislation that hasn’t yet been made up, but which is going to fundamentally change the nature of our IT”. You will thank me this time next year.
