Provisions on the processing of personal data introduced by the General Data Protection Regulation (GDPR) could hinder insurers' abilities to capitalise on the big data and analytics phenomenon, according to a CRO Forum paper.
The paper notes the emphasis GDPR places on concepts such as consent to use data, right to object, right to remove and minimise data could hinder innovation.
Such provisions could, according to the paper, restrict insurers from big data benefits, including better evaluation of risks, prevention of certain risks and developing more personalised products and services in response to consumer needs.
The GDPR, which replaces the current Data Protection Act 1998, comes into effect on 25 May 2018 and applies to all companies with personal records. The regulation is aimed at giving control back to individuals over their personal data. It also sets a new standard for breach notification, with companies required to report a breach within 72 hours of becoming aware of it.
Insurers have been outspoken with the issues they are currently facing over GDPR implementation.
The paper also pointed to potential market distortions, which could also pose a danger. Specifically, it states non-EU companies processing non-EU customers' data may enjoy greater freedom with data analytics and have more ability to develop products and services as a result.
In response to such challenges, the paper states developing products and services based on available data is a "legitimate interest of insurers." It also states cooperation between supervisors and re/insurers is key to accessing the value of big data and the CRO role is critical in promoting its "ethical and transparent" use.
The big data phenomenon has also been highlighted by industry participants, with Eiopa chairman Gabriel Bernardino recently stating it had "the potential to change significantly the insurance value chain" for better or worse.
Bernardino also flagged a thematic review next year of how insurers use big data.