Mark Horrocks, Operations and IT Director at Restore Digital, explains how it is possible to simultaneously deliver operational excellence and GDPR compliance.
Insurance companies operate in a world that’s increasingly unpredictable, extremely competitive, laden with regulations and in which survival relies heavily on the ability to set a business either apart from the pack, or ahead of it. Now there’s another twist in the story. The mainstay of the insurance business, processing of customer data, is going to be shaken by the new EU General Data Protection Regulation (GDPR).
UK firms are having to invest heavily in preparation for the deadline (May 25) with the knowledge that non-compliance will be more expensive in the long run. Under the tighter data protection rules, the power over personal data is going to be swung in favour of the EU citizen. And as well as the impact of losing customer trust if companies do not comply properly with the regulation, they will also be met with large fines from the regulatory authorities.
It is imperative that insurance companies look at ways in which they can meet their new legal obligations in personal data processing1, and also improve the speed and accuracy of their data capture in order to deliver operational excellence. The challenge has been set. How does an organisation remain compliant and ensure that data is processed, used, held and destroyed responsibly and in a transparent yet efficient manner - whilst also achieving operational improvements?
One magic word – digitisation. It offers game-changing solutions for insurers to overhaul their claims management systems. Processing claims digitally offers insurers the chance to compete on more than just price. It can deliver more responsive customer engagement, achieve faster, easier claims processing and be a driver of operational efficiency.
When turning to a digitised system there are two main points to consider: the conversion of legacy paperwork into one new digitised system whilst making it GDPR compliant, and also the capture of new data as it arrives.
Paperwork is cumbersome and data can easily be lost when it is misplaced or disposed of by accident. How quickly can a business respond to the new right to be forgotten or the right to portability if key personal data cannot be quickly located and retrieved? Converting it all to a digital format puts the company on the right track with GDPR compliance and instantly solves problems inherent in a paper-based system.
State-of-the-art scanning combined with an encrypted (AES-256)2 electronic transfer of documents to an insurance company’s own system, offers a practical and secure way of getting rid of paperwork. Original paperwork rarely needs to be put into long-term storage and can be destroyed securely. The turnaround period for conversion often surprises those used to a slower system. In a typical scenario with a company needing to digitise 100,000 documents, it is possible, given the correct deployment of resources, to achieve conversion and integration in 3-5 working days.
Using software which appropriately supports all GDPR compliance requirements ensures that personal data is stored and protected from all unauthorised personnel and retained in line with customer and legal retention periods. It means it is structured in a way that fully meets GDPR portability requirements and yet can be easily erased or securely processed according to GDPR’s ‘Security of Processing’ requirements Article 32. Data can be controlled and systematically processed so that all required data processing records are maintained.
Capturing data and managing it digitally at its entry point into an organisation, is also an excellent way of getting ahead of the competition. Whilst some are busy paper shuffling, others who are running an automated workflow and digital mailroom solution as their claims management procedure are able to reap the rewards of reduced costs, increased security, GDPR compliance and save on storage space.
Data management companies, like Restore Digital, use GDPR compliant software tailored to connect with a company’s existing records management system, or where appropriate, use an implant team for the digitisation and capture of inbound mail. Data can arrive via letter, email, a portal, social media or from a text message and will be dealt with quickly and relayed to the correct person. Processes and retrievals are speeded up and aligned to deliver optimal customer satisfaction.
The clever move for insurance companies now is to upgrade their claims management processes in a way that makes them GDPR compliant by design. The forthcoming legislation should be viewed as a golden opportunity for a rethink and redesign of customer data processing as a whole within an organisation.
Who knows – a side-benefit from such a system may also be customer retention. If claims handling can be speeded up and made more accurate and responsive, if customers know their personal data is secure, fit for purpose and meets the latest legal requirements, then it can only be good for business. Boost your bottom line, meet your GDPR legal obligations and keep customers happy at the same time – what’s not to like?