GDPR Indicates What Regulators May Require of Insurers’ Data Governance and Security

Law applies to US firms that do business in EU or with EU citizens: Novarica

Boston, MA (Sept. 25, 2018) – While the General Data Protection Regulation (GDPR) is specific to the European Union, North American firms that do business in the EU must be familiar with the law’s provisions and take the necessary steps to comply. In a new brief, GDPR for North American Insurers, research and advisory firm Novarica examines GDPR provisions and compliance concerns for North American insurers, as well as profiles a dozen vendors whose solutions address data governance and security. Vendors profiled include: Big ID, Citrix, IRI, Metric Stream, OneTrust, Oracle, Protegrity, Qualys, SAI, SAP, SAS, and Veritas.

“Carriers must evaluate where and how they collect EU citizen data; they must also determine whether data they collect are necessary to the process they are performing. Likewise, carriers need to determine whether they use EU citizen data for actuarial or marketing purposes the individual never explicitly authorized,” said Mitch Wein, Vice President of Research and Consulting and lead author of Novarica’s new report. “Because some US states are copying aspects of GDPR (notably the ‘right to be forgotten’ in the CA Consumer Privacy Act), carriers will need to replicate these capabilities where necessary. Due to the emergence of state-by-state data and security regulations, compliance requirements may overlap and differ whether carriers operate in the EU and the US.”

A preview of the brief is available online.

About Novarica

Novarica helps more than 100 insurers make better decisions about technology projects and strategy through retained advisory services, published research, and strategy consulting. Its knowledge base covers trends, benchmarks, best practices, case studies, and vendor solutions. Leveraging the expertise of its senior team and more than 300 CIO Research Council members, Novarica provides clients with the ability to make faster, better, more informed decisions. Its consulting services focus on vendor selection, custom benchmarking, project checkpoints, and IT strategy. For more information, visit

Source: Novarica

Tags: , , , , , ,