GDPR: An opportunity for Insurance

Your data estate has been mapped; consent and privacy pro formas have been revised - and your cybersecurity stance has been bolstered. In other words, with less than two months before the General Data Protection Regulation (GDPR) becomes law, the main focus so far (quite understandably) has been on meeting the ICO’s requirements and the ABI’s best practice guidelines.

But what happens after 25 April 2018? Rather than viewing GDPR purely as a business problem that needs to be solved, we examine the potential market positioning opportunities presented to insurers by the new data protection framework.

Marketing Insights

The company-wide data audit is an indispensable part of any GDPR compliance project. Its purpose is pretty simple: to tell you what personal data you control, where it resides and what it’s used for. It’s only when an insurer has established this that it can start to get a handle on its compliance obligations.

But it’s not just your compliance project manager who can draw insights from data map intel.

Data-wise - and from a marketing perspective, the “Holy Grail” is of course a single, reliable view of your customers. But as Experian’s 2018 Global Data Benchmark Report highlights, the two biggest barriers to this are too much information - and too wide a variety of it.

GDPR compliance might have triggered your latest company-wide data mapping exercise. But marketing managers shouldn’t pass up this opportunity to take a long hard look at their data estate.

Which data sets are now redundant - and which are currently under-utilised?
Can disparate sources of information be better integrated?
Consider carefully what could be improved to extract cleaner insights on your actual and prospective policyholders.

Insurers as privacy champions

The use of personal data has an image problem. 71% of consumers worldwide believe that the brands who control their personal data are using it unethically. And over half of people have been put off using one or more digital services because of privacy concerns.

The likes of WannaCry makes for front page headlines. It’s hardly surprising that privacy-aware, cybersecurity-savvy customers tread carefully before entrusting their data with brands. And once mandatory security breach reporting becomes a reality under GDPR, it will be a lot easier customers to check which insurance companies are getting data protection right - and wrong.

To strengthen your privacy and cybersecurity stance, GDPR may well have triggered changes within your organisation. Increasingly, customers care about this - so consider bringing it front and centre:

Explain the changes you make. Both for security-focused updates to your IT infrastructure and your customer services platform, tell you customers about it. Let’s say for instance, that you’ve introduced an additional authentication measure on your policyholder platform. Explain what changes you’ve made, why you’ve made them and the benefits this will bring to your policyholders in terms of security and privacy.
Showcase your record. Do you enjoy a zero intervention record with the ICO? Have you just been given a clean bill of health following a regulator audit? Then make this known to your customers.
This “show and tell” approach to data protection should help establish your credentials as a safe pair of hands - allowing you to build security into your value proposition.

Data rights: Part of your customer service offering

GDPR brings in a batch of new and improved data rights for individuals. Policy renewal time provides a neat illustration of how some of these rights may work in practice:

An existing customer is considering her renewal options. As part of this, she requests confirmation of - and access to - the data her insurers hold on her (the right to access).
She requests transferral of her policy profile to a new provider (data portability).
She subsequently asks that her insurers erase the data they hold on her (the right to be forgotten).
For most of these rights, the new law requires a response from an organisation “without undue delay”. Action the request within the statutory-permitted month, and you stay on the right side of the regulator.

But of course, a whole month’s response time is hardly conducive to great customer service - and in most cases, these type of requests can and should be actioned a lot quicker. It’s one of the reasons why a ‘self service’ approach to data rights is actively encouraged in GDPR: a secure, user-friendly portal for policyholders to view, confirm, amend and extract their data where appropriate and as desired.

Data rights shouldn’t be seen as something separate from customer service. After all, the whole point of GDPR is to enable individuals to access the digital marketplace with confidence. So if customers are currently forced to jump through hoops to exercise those rights, now’s the time to review your user experience to assess what could be done better.

Your spur to innovation?

The new rules on data portability under GDPR make it even easier for customers to switch - in what is already a buoyant switching economy.

Yet as we considered in our recent trends roundup, rather than giving up on the whole idea of customer loyalty, smarter insurers will realise that as switching gets easier, the value of relationships becomes even greater. The creation of a highly personalised, super-relevant content strategy could be just what’s needed to stem a race to the bottom, price-wise.

And is your customer service platform truly geared up - not just for compliance - but for delivering the secure, hassle-free customers policyholders are looking for?

With sector-specific expertise, Pancentric enables insurers to innovate - putting your policyholders at the heart of that innovation. So for data rights alongside all other aspects of your service offering, how can you answer their needs in a better way? Speak to us today to find out.