Regulations empower consumers to better understand their rights regarding third-party usage of their personal data; they also entitle consumers to make requests on how their data is used. Consumer protection is designed to improve the transparency of cover. (Re)insurers must offer customers products that meet their needs and do a better job of informing customers.
Listed below are the top regulatory trends impacting D2C in insurance, as identified by GlobalData.
Insurance Distribution Directive (IDD)
EU member states implemented the IDD in 2018, replacing the Insurance Mediation Directive (IMD). The IMD principally covered the activities of insurance agents and brokers selling (re)insurance products. But the IDD expands on the IMD, with the new directive also governing direct sales by insurers and reinsurers.
The IDD emphasises consumer protection is designed to improve the transparency of cover. Under IDD, (re)insurers must offer customers products that meet their needs and do a better job of informing customers. In addition, the IDD introduces other new requirements, including the production of an Insurance Product Information Document for non-life policies.
General Data Protection Regulation (GDPR)
Coming into force in May 2018, Europe’s GDPR stipulates strict penalties for firms that fall short of compliance. Under the regulation, non-compliant firms may face fines of up to €20m or up to 4% of the company’s annual global turnover for the preceding fiscal year, whichever is higher. An increasing number of countries outside of Europe are adopting similar data protection legislation.
Such regulations are empowering consumers to better understand their rights regarding third-party usage of their personal data; they also entitle consumers to make requests on how their data is used. This limits the ways insurers use customers’ personal data, bringing complications on how best to do this – as is the case with cloud technology, which facilitates the automated collection of large volumes of data.
Online mediums will remain of utmost importance to insurers, putting greater focus on the direct channel. Digitisation and the rise of the internet have increased the risk of cyber-attacks. Given the increasing volume of customer data captured online, insurers must make sure they remain properly protected from attacks at all times. Cyber risks are evolving quickly, requiring businesses to look for innovative solutions to flag unusual activity.
The selling of products online is governed by legislation. This legislation normally prescribes several elements that businesses selling online must incorporate on their ecommerce websites. Businesses are typically required to provide the company’s name, address, and contact details, as well as the trade register and VAT numbers.
For instance, in the EU businesses selling online must also notify users on the contractual procedures regarding the product being purchased and how customers can modify, correct, or delete information. Insurers are required to confirm all website purchases within 24 hours, inform customers about the 14-day cooling period, and notify them about how their data is being stored and used.
E-commerce legislation is revised from time to time, requiring insurers to take measures to remain compliant.
This is an edited extract from the Direct to Customer in Insurance – Thematic Research report produced by GlobalData Thematic Research.
Download the full report from
View full report
GlobalData's Report Store
GlobalData is this website’s parent business intelligence company.