The recent increase in the amount of data generated, stored and analysed by insurers to establish their pricing and underwriting policies has led to the emergence of new needs both from a regulatory point of view, with the recent implementation of the European framework of the General Data Protection Regulation (GDPR) and with a view to offering new services on the market (cyber risk).
Milliman consultant Thomas Poinsignon recently explore the development and analysis of actuarial methods within the default security framework—a principle of the GDPR imposed on companies using personal data.
The objective is to extend the elementary mathematical concepts and models used when developing classic non-life insurance pricing models (simple linear regression and generalised linear models) to their use on secure data in accordance with regulatory requirements.
To learn more, read Thomas’s paper, entitled ‘Research on non-life pricing procedures on encrypted and anonymous data under the GDPR.’
In May, the new General Data Protection Regulation (GDPR) was issued. The GDPR strengthens rules regarding the way in which companies use data and should enable individuals to have a greater level of control over what companies do with their personal data.
The GDPR is applicable across the European Union, and as such all UK companies should currently be complying with the regulation. There have been many papers about the legal aspects of the GDPR. But few papers have covered the practical realm of how to design a risk management framework that insurance companies can use for the GDPR and data protection risk analysis.
Data protection is important to all types of businesses:
• Collecting, sorting and analysing data is unavoidable, whether it involves handling policyholder data directly or collecting personal data of a company’s employees or clients.
• There is a high price to pay for any error or breach of data, both in terms of direct remedial costs such as regulatory fines and additional staff, or ongoing reputational consequences which damage ongoing business performance.
In this paper, Milliman’s Claire Booth, Tanya Hayward and Peter Moore walk through the high-level requirements of the GDPR and also detail specific considerations on the implementation steps. They provide an overview of the new GDPR rules, discuss the aspects that firms should consider in light of these changes and explore the implications of the GDPR for a firm’s risk management framework.