A new study has suggested that insurance companies face an onslaught of requests for personal information from UK consumers when the General Data Protection Regulation (GDPR) comes into effect on 25 May.
GDPR will enable consumers to request their personal data from businesses, which will have one month to respond. Two in five (40%) are already planning to take advantage of their data privacy rights within six months of implementation, according to a survey from Veritas Technologies.
Consumers are most likely to target financial services companies, including banks and insurance companies (56%), with their personal data requests, found the Veritas survey of 3,000 adults, including 1,000 in the UK.
Jacqueline Cole, a member of the Forum of Insurance Lawyer’s directors and officers sector focus team, outlined some important steps that insurance companies should take to comply with GDPR last month.
EU residents already have the right to ask a company what personal data, such as gender, age, location, sexual preference, religious beliefs, and passport/driver’s licence information, is held on them, but as of 25 May they will also have enhanced rights to ask to have their data deleted (known as the ‘right to be forgotten’). Businesses will be required to sufficiently respond to these requests within one month of receipt.
Mike Palmer, executive vice president and chief product officer at Veritas, blamed recent events surrounding the use of personal data by social media platforms for consumers taking much more of an interest in how their data is used and stored by businesses across many industry sectors.
He said: “With a flood of personal data requests coming their way in the months ahead, businesses must retain the trust of consumers by demonstrating they have comprehensive data governance strategies in place to achieve regulatory compliance.”
Reasons for wanting to issue requests varied among respondents, but the Veritas survey pinpointed increased control over their own data (56%), a clear picture of the data held (56%), breaches (47%), trust issues (37%), to challenge how much businesses value consumer rights (27%), and to irritate companies they feel have mistreated them (8%), as most prominent.
The Veritas survey found that consumers do not expect organisations to be capable of fulfilling their requests under GDPR. The majority (79%) believe that organisations won’t be able to find and/or delete all of the personal data that is held on them, and a fifth (20%) believe that businesses will only be able to deliver up to 50% of the personal data they hold.
Palmer added: “It’s imperative that businesses embrace technology that can help them respond to these requests quickly, with a high degree of accuracy. This means having the ability to see, protect and access all of the personal data they hold regardless of where it sits within their organisation.”
“Businesses that fail to recognise the importance of responding effectively and efficiently to personal data requests will be putting their brand loyalty and reputation at stake.”