Data compliance is an important facet of any business today. For insurers who rely on customer data for product distribution and innovative development of better solutions, meeting the requirements of this regulation is critical. Angelique Strumpher, Administration Manager for Business Process Outsourcing at SilverBridge, takes a closer look.
“Technology makes it easy to access, collect, and process high volumes of personal and company data at high speeds. This information could be sold and used for further processing. In the wrong hands this could create irreparable harm to individuals and companies.”
As an individual or an organisation, people want access to platforms which includes the right to privacy and protection of personal information in terms of the data footprint that they leave behind.
To protect your right to privacy and to avoid the abuse of your personal information; data protection legislation was needed. For this reason, POPIA (Protection of Personal Information Act 4 of 2013) was promulgated. The implementation of POPIA is a reality for service providers and consumers alike. Every entity who collects, stores, and modifies information must comply with the conditions required for the lawful processing of that data.
Understanding your role in the POPIA process is critical in understanding your rights as well as your obligations in terms of compliance:
All entities (natural persons and organisations) are “data subjects” and are afforded the right to protection of personal information.
As a provider of either goods and services or both a company/organisation is considered a “responsible party”.
A “responsible party” is obligated to protect the personal information of its customers, employees, suppliers, vendors, service providers and business partners; in other words, all data subjects across all business touch points.
At any given time, a person employed at an insurer (or elsewhere) could be both a data subject and a responsible party.
An insurer that is seen to be taking all necessary precautions to protect their customer data, respect the rights of their clients and the use of data as consented to; will have a competitive advantage especially with the rise of insurtechs offering consumers more nuanced solutions.
The Financial Services Board along with the FAIS Ombudsman are more than ready to fine and suspend an FSP license if they are found to have stepped outside of the law by misusing customer data for their own personal gain without the consent or knowledge of that customer and have failed to protect sensitive information. It must be noted that as a “responsible institution” under FICA (Financial Intelligence Centre Act) you are obligated by law to report transactions that fall within the ambit of this Act to FIC (Financial Intelligence Centre).
The European Union is in the process of implementing the General Data Protection Regulation (GDPR) in May. With the threat of fines up to Euro 20 million or four percent of annual global turnover if found to be in breach of GDPR, companies are under immense pressure to re-evaluate measures to strengthen data protection for their customers.
Closer to home, Microsoft will soon be opening two Azure data centres in South Africa (Johannesburg and Cape Town) focused around delivering cloud offerings to the continent. Once launched, this will drive renewed interest around data sovereignty and adhering to a constantly evolving regulatory environment. This creates opportunities for insurers to embrace a digital culture by providing customers with more enhanced (and bespoke) local services.
“Insurers understand the competitive advantage of data. Therefore, it is imperative that their data is secure, protected, and used in a manner that complies with regulatory requirements. The analysis of data to better understand customer behaviour to develop unique customised solutions is key in ensuring that data use mutually benefits both the insurer and the customer. Technology and product development should be aligned to ensure data compliance when implementing solutions”.
“The secret is finding the balance between data integrity, data use and analysis, and data compliance to strategically drive profitability,” she concludes