On 12^th October, more than 200 professionals from the Fintech world gathered at the Novotel Kirchberg for the first edition of the RegTech Summit. While local and international experts focused on the opportunities brought by the use of RegTech solutions or on the importance of securing information in a big data era, Eric Lippert, COO of OneLife gave a presentation on the upcoming General Data Protection Regulation. How will it impact the life insurance sector?

Companies are not yet compliant

The COO of OneLife started by sharing numbers about the upcoming GDPR regulation, which assesses the readiness of companies: “In October 2016, 97% of companies in Europe had no strategy to deal with GDPR. 23% expect sanctions as they won’t be ready. And more than 50% admitted they won’t be fully compliant”. Yet, Eric Lippert thinks Luxembourg is in a good place and has a strong advantage compared to other countries in Europe, mainly because of the banking and insurance privacy laws, and the presence of authorities such as the CSSF and CNPD. “We have been dealing with data privacy for years” he added.

New rules will be game-changers for life insurers

Eric Lippert then listed several differences with the current privacy policies: in case of a data breach, companies will have 72 hours to provide the CNPD with all the relevant documentation, the fine will go up to €20m or 4% of the turnover. “It will have huge consequences for the companies who do not respect these new GDPR rules” explained Mr. Lippert. Another important aspect of the new European regulation will be the consent: as a matter of fact, the formal consent of the customer will be needed in order for companies to use the data. They will also have to be able to prove and provide it at any time. Finally, the ‘right to be forgotten’ will change the game, with customers now able to ask the insurer to delete all their data, and so will the portability aspect: insurers will have to facilitate the transfer of data if the clients request it. “The major constraint will actually be administrative, with the formalisation of the new rules. This requires the appointment of a Data Protection Officer and annual audits of the processes and rules in order to make sure the company remains compliant.

Eric Lippert ended his presentation on a more positive note, highlighting that GDPR also means new opportunities for life insurance companies: they will be able to take control of their own compliance, build a stronger client relationship based on trust, work on the quality of their data, enhance their digital marketing. “There is also a huge opportunity in Europe for centralised KYC” he added.