Data protection in the insurance sector

The insurance industry is one of the most data-intensive industrial sectors of our age.

Our data protection experts provide consultation for the entire industry – from insurance companies, large insurance brokers, interest groups and networks to insurance service providers.

Insurance companies

We support insurance companies regardless of their organizational form – in other words, regardless of whether they are mutual insurance associations, stock companies, institutions under public law or public entities. In addition, we offer our consulting services across various sectors, to life and health insurance providers as well as other damage and accident insurers. In doing so, we focus just as much on individual companies as on corporations with activities in the insurance sector.

In our consultation, we account for the changing focal points in the insurance trade. Increasingly, systematic market processing starts with methods of market segmentation as well as risk segmentation – per se, a data-protection-sensitive area that internal data protection officers often underestimate or even completely overlook in their activities.

In our experience, the same is true of market research activities, which are growing industry-wide and increasingly involve better technical options such as data mining and other online marketing and sales activities (i.e. targeting or the increased use of e-commerce technologies). Because of this flurry of technical innovation, data protection compliance is often a low priority at first – until, in the worst case, a “breakdown of data protection” takes place. A proper compliance structure requires regular due diligence with regard to data protection as well as compliance with all of the requirements, for instance from Solvency II. In addition to the possibility of incurring fines, consumer sensitivity has increased with regard to activities by innovative insurers, whose services the consumers are nonetheless happy to use – for instance in sales with partners and cooperation models for marketing insurance products, i.e. in the construction and automotive industries, or with regard to value-added services (e.g. in the form of assistance services).

Target-group products have become much more significant. Insurance companies are increasingly partnering with industrial companies to develop technology-based product innovations (for instance on the car insurance market). Here, data-protection-relevant issues such as navigation systems can play a role; their compliance with data protection laws is also interesting for telecommunication service providers.

However, even relatively well-established approaches such as online marketing and/or direct insurance can raise the data-protection questions that are now on the radar of consumers and supervisory authorities for data protection. A common focus, for instance, is obtaining online credit reports, which requires a declaration of consent; another is online cost calculators, which require users to submit personal data and raise follow-up questions regarding deletion periods and adequate data protection mechanisms as per § 9 of the German Federal Data Protection Act [BDSG].

To some extent, compliance is also drawing more attention to data protection issues. For instance, the Federal Financial Supervisory Authority [BaFin] requires insurers to review the reliability of their commercial representatives. But how can this fraud prevention measure comply with data protection requirements while still effectively filtering out “black sheep”?
The list of day-to-day issues that affect insurers is long. During our many years of consulting work, we have brought up and also answered many of these questions. This is only possible because we have the necessary legal and industry knowledge as well as the necessary level of pragmatism.

Stakeholders for insurance providers

In addition to the insurers, the stakeholders of private-sector insurance companies also need a proactive data-protection strategy. Here, too, our practical consulting approach comes into play. Issues involving HIS / Uniwagnis (the notification and information system for the German insurance industry) are relevant not only to the practice of individual insurance companies, but are also being placed on the legal and political agenda by stakeholders – our experts are happy to provide consultation in this area.

Insurance brokers

In addition, insurance brokers – working on behalf of customers to find the optimal solution on the market and carefully checking the solutions according to objective measures – also come into contact with their customers’ personal data. Even if the client’s name is not shared with third parties, personal data can still be transmitted in the sense of the Federal Data Protection Act. In this case, data protection laws must also be taken into account here. All of the requirements from the area of customer data protection apply.

Insurance service providers

The trend toward outsourcing is equally relevant for insurers. Particularly in the area of claims adjustment, it is almost impossible today to imagine working without specialists – whether you are consulting with brokers to find the perfect claims adjuster or whether the contractor will perform the claims adjustment. Personal data is always transmitted in this case. The rules governing data sub processing apply. Here, § 11 BDSG provides clear framework conditions that are binding for customers and contractors alike. The customer must ensure proper monitoring of data protection in the contractor’s work. We will gladly perform these cyclical tests for you. The same applies to reviewing independent claims adjusters if you are working with them as a service provider – in order to satisfy your customer, in other words the insurance provider.

Industry exchange on the topic of data exchange

We are constantly working to find the best solutions for your data protection needs. In this process, it is essential to have the right partners.

You can benefit from our experience in the area of insurance data protection. We work efficiently, with the clear goal of protecting your processes to the greatest extent possible. Contact us for a non-binding consultation.