GDPR for North American Insurers
Report Summary
September 2018 - The European Union’s General Data Protection Regulation (GDPR) aims to allow individuals to exercise control over their data and stipulates rules for anonymizing and purging data upon request. Each EU member will create a national supervisory authority to enforce compliance. The law also applies to US firms that do business in the EU—and possibly to US firms that do business with EU citizens in the US. (The latter is subject to legal disagreement and will need to be tested in court.) US carriers must be aware of GDPR provisions and may need to take steps to comply. Further, the California Consumer Privacy Act of 2018 resembles GDPR, though the former is less stringent in some key areas.
This brief examines GDPR provisions and compliance concerns for North American insurers. It also profiles a dozen vendors whose solutions address data governance and security.