July 25, 2018
What GDPR Means for Insurance Companies
by Jeff Brown
GDPR is the most significant data privacy regulation ever. The implications reach way beyond Europe--and create a major opportunity.
GDPR (General Data Protection Regulation) took effect in Europe on May 25 — and is expected to create a ripple effect that affects U.S.-based organizations, regardless of whether they have European operations.
This is the most significant data privacy regulation ever – the EU views this as a human rights issue. The recent Facebook issues will accelerate GDPR acceptance here in the U.S., and it is up to insurance agents and carriers to be sure they are in compliance with all applicable laws and regulations in the U.S. and in Europe.
GDPR was enacted to further protect the rights of individuals in controlling how their personal data is shared. Many expect further regulations to come to the U.S., along with stiffer financial penalties for those organizations that do not comply.
But there are those in the insurance industry who see this as the “starting gun,” not “the finish line.” The reality for most U.S. businesses, insurance companies and others is that GDPR will become the global standard for how businesses must handle consumer data, and it will set new benchmarks for consumer data privacy.
GDPR will have a positive impact for both the business/marketer and the consumer.
This can become an incredible opportunity for U.S. companies that choose to embrace GDPR. Instead of something scary and negative, it can become a great opportunity that they can use to challenge themselves to build tools and processes to maintain smarter marketing and more personalized and predictive communications with customers.
As consumers begin to understand the advantages to them, they will likely prefer to work with and share their consumer data with compliant companies. Rather than waiting and wondering, companies need to take the steps necessary to comply. If it’s great for the customer, and if businesses lead the way, it will end up being great for the company.
First, insurance companies will need to take steps to comply with the legislation so they will not be open to stringent financial penalties. They must begin by working with their legal team and GDPR experts to appoint a company representative who is established in an EU supervisory country. This person is the point of contact for all communications with the GDPR supervisory body.
Not all organizations need one, but if it’s required, appoint a Data Protection Officer who has the expertise needed. This person can help redesign what consent and disclosure look like for customers. Consumers will need to check a box (or its equivalent) for every single use case of their data. They need to be able to select those they agree with and decline those they don’t, and companies need to be able to comply and track their preferences in their systems.
Insurance companies also need to consider third-party providers. If a third party is not able to prove GDPR compliance, the EU work it does is illegal. Companies should audit their third-party providers and reevaluate service level agreements.
Companies also need to work within the GDPR regulations while still delivering a “good client experience,” growing, and finding and retaining new customers under a new law that is a game changer for the way they do business now.
Moving forward, companies will need to be much more aware of their audiences’ tolerance for marketing. Companies that have been careless by oversaturating their audiences with irrelevant marketing will lose the privilege to market to those customers.
Consumers want information and marketing that is timely and relevant. Technology companies have tools available for clients that account for marketing saturation modeling and use dynamic marketing workflows. Their audiences should receive the “Goldilocks” amount of marketing – not oversaturated, but enough to maintain brand awareness and positive disposition when they are in the position of making a buying decision.
The positive impact for the insurance industry will be that GDPR compliance forces companies to implement “best practices” for data storage, processing and marketing. Once a consumer asks to be forgotten, companies must remove all the person’s data. Not just take people off an email list, or a call list, but delete all their preferences, history and contact information.
Businesses that comply with GDPR will reap the benefits of better consumer confidence. Additionally, the practice of impeccable data security demands migrating customer data to the latest network technology. The long-term benefit of storing and running data using the best and most current technology is a reduced overall digital footprint.
But how companies use technology to retain brand awareness and win and keep customers without becoming a nuisance at a permanent cost will be a challenge. Achieving and retaining brand awareness without irritation becomes a balance of just the right messaging, via the right channel at the right time.
We are proponents of human engagement and realize that all the AI in the world cannot replace human connections. We also realize that the human connection is invaluable and that marketing communications coming from a trusted adviser versus a faceless organization elevates the message.
More than ever, companies need to rely on marketing acceleration models that induce a repeatable pattern of activity, garnered from AI and machine learning to create marketing workflows that enable individuals at a company to have personal connections, smarter marketing, more personalized and predictive customer experiences and better sales outcomes.
Technology can help companies achieve one-on-one interactions and make them more confident that what they say and show is relevant and tailored to their client.