GDPR failures will have regulatory comebacks, industry warned
Insurers and brokers have been warned the potential fines firms could face for breaching General Data Protection Regulation (GDPR) rules have the potential to trigger far more serious implications.
Data protection experts from across the UK and London insurance markets gathered in London for a roundtable discussion, hosted by Insurance Day in partnership with RMS, on how the market could manage the balancing act between innovation, enhanced analytics and compliance with GDPR.
While the participants recognised the need for the market to come together to create a consistent approach to many of the regulatory rules, it also warned about the risks posed by failure to comply.
The fear remains that should an insurance entity be found to have breached the rules, the penalties potentially open to the Information Commissioner’s Office (ICO), which has regulatory responsibility for GDPR compliance, would be the least of its worries.
“If the ICO were to fine someone or to even apply an administration, I bet you I’d be more worried about what the FCA [Financial Conduct Authority] and the PRA [Prudential Regulation Authority] are going to do,” one participant said.
“You might get a minor administration fine from the ICO but the FCA and the PRA would be all over you for systems control failures.”
While many of the major entities in the London market and the large underwriters have been investing heavily in staff and systems to ensure compliance, the participants were concerned regional brokers have been faced with the challenge of compliance without the ability to invest in the solutions.
“I just feel there has to be a holistic approach to this as well, to help the smaller companies and help the smaller brokers and the smaller firms,” one said.
“I would think so, but it’s tricky for all of us to sit here in the centre of the insurance market, just off Leadenhall Street and talk about this. What about the small regional brokers and smaller underwriting firms and MGAs [managing general agents]? I think as the supposed experts, we have a duty towards the industry.
“You are only as strong as your entire supply chain and the supply chain does include smaller players and so, therefore, there is implication and benefit as large entities to ensure that shared understanding is probably the best way forward because it’s a supply chain.”