Insurtech is gathering pace. An increasing number of start-ups are entering the market, incumbents are finding new ways to collaborate to improve customer offerings and efficiency, and there’s finance flowing into the sector, driving growth. We are at an exciting time in the world of innovation for insurance however the industry is set to face increasing challenge in the new world of General Data Protection Regulation (GDPR).
Customers tell us that they want simple, transparent solutions but that these solutions need to be bespoke in order to meet their specific needs. They want to understand what is and isn’t insured and they want to be free to only protect the things they care about, at a time they chose. In response we are seeing start-ups use data in new ways to develop these solutions – it could be phone videos of possessions in a room, it could be Facebook data about how you live your life or it could be sensor data from wearable technology. In fact it’s hard to think of an insurtech that isn’t either using new data or using data in a new way.
This should be no surprise. Data is fundamental to insurance, which essentially can be considered a data business. But although this is rightly a focus of innovation, there is a huge challenge coming very quickly over the horizon. The new GDPR. Make no bones about it, GDPR is a big shake-up.
The rules are complicated and the detail fills many pages. But the impact on insurers and insurtechs can quickly be grasped:
- The new rules require insurers to be transparent about how they use customer and employee data, in some cases customers will need to specifically consent to how their data is used. And this consent will need to be reconfirmed if the same data is used in a different way or for a different purpose. It can also be withdrawn at any time.
- Customers and employees also have a right to be forgotten – they can ask insurers to delete their personal data where it is no longer required or being used for its original purpose, or where they have withdrawn their consent.
- GDPR gives guaranteed data portability – customers can request for their personal data to be transferred from one company to another, in an electronic format.
- And there are new data breach rules – data breaches need to be reported within 72 hours. Fines for non-compliance of the GDPR could be up to a huge 4% global annual turnover.
Insurance companies are only just getting their heads around what GDPR means for their business and how they will respond. For many, compliance will require a huge transformation around how they gather, use and store data. Many insurtechs have not even started to consider the impact of GDPR, even though it is fundamental to their business.
Before we get too caught up with the challenges of GDPR though, we must also view this through a customer’s eyes. Customers tell us that they are prepared to share more information in exchange for a better product or service. To some extent, they are prepared to trade their privacy. But customers need control over their data and they need to trust how the provider is going to use it. GDPR should bring that trust and that control. In many ways GDPR is just old fashioned, common sense – it’s how you would want your own personal data to be treated. For an insurtech who is on the front foot, who is compliant, who delivers this service in an engaging and simple way and who can get this message out into the market, there is a tremendous opportunity. And we are seeing some rise to this challenge.
We have a real dichotomy between how the world of insurtech is innovating around the use of data and how the regulator is responding to consumer concerns. Innovators may find their great ideas handcuffed by these new regulations and will need to find new keys to unlock the potential.
Get in touch with the team