In 2018, insurance brokers spent an average of 34 hours establishing the company’s compliance with the General Data Protection Regulation. And nevertheless, a large share of them are not sure if the measures they took were a success. Data protection often fails due to data silos.
28 percent of the brokers from the AfW broker barometer stated they were uncertain regarding the question as to if their own company is compliant with the General Data Protection Regulation. And this despite the 1.5 million hours all registered brokers invested over the past year in the implementation of the European General Data Protection Regulation. Redundancies were a particular problem found in the compliance with regulations.
Deletion and information requests from private people
During May of last year, the period to implement the European General Data Protection Regulation expired. Starting at this point in time, private people have the right to find out what data companies collect and save. If no other legal guidelines speak against it, for example, safekeeping obligations, companies must delete data upon request and provide proof of this when in doubt.
Deletion does not automatically mean physical deletion
A decision from the Austrian Data Protection Authority (Az. DSB-D123.270/0009-DSB/2018) can also be interesting for German insurance companies. A customer demanded that their data be deleted, because the original purpose for saving the data was no longer fulfilled. The insurance company anonymized the personal data and informed the customer about this. That wasn’t enough for the customer and they complained.
The authorities came to the conclusion that “deletion and destruction are not identical. The individual in charge of data processing may determine the deletion method at their own discretion.” Here, as the insurance company could show, the fact that no connections to the concrete person could be made through the anonymization was sufficient.
Such an implementation of the General Data Protection Regulation will become a nearly impossible task for insurance companies, brokers and other companies when data about the same person shows up in several silos.
How are data silos created
Data silos are created due to technical or organizational reasons. Technical causes are often due to missing interfaces between the systems. These could either not be shown at all or not in an efficient manner. Apart from the problem with the General Data Protection Regulation, redundancies always cause more work and increased error rates. Data silos also arise as a result of a missing IT strategy or a development plan that was not thought through enough.
Often organizational problems or the lack of governance are the second cause with the effect that users enter and distribute their data personally. Classics are, for example, sales data on local systems from field workers that the head office is not even aware of. The longer this condition lasts, the more heterogeneous the environment will become. That makes it increasingly difficult to let uniform processes run or evaluate data.
The creation of data silos is advanced if the obtainment and analysis of information is less in focus during the execution of projects, but rather the handling of processes.
Data analyses, machine learning or artificial insurance should always be considered in the design of the IT and service landscape. Because the generated and existing data form an important resource for further analyses.
Eliminating silos – and getting help
The General Data Protection Regulation example shows that the elimination of data silos can be necessary for compliance reasons. From a strategic aspect, the elimination of data silos should have high priority. It is necessary for all employees to be included and for the importance and advantages of a uniform database be recognized for the success of this project.
Internal resistances should not be underestimated here. Because departments and teams often view the elimination of their data silos or the deletion of shadow databases as an affront. The risk is seen of data and information being incorrectly viewed or interpreted through the lack of silos. The moderation by an external company may contribute to more understanding here.
With external support, a company-wide data catalog can be created to provide an overview of which data exists, what it is used for and where it comes from. Such a catalog is helpful with the implementation of the General Data Protection Regulation and forms the basis for the consolidation of a data warehouse.
A governance program can be developed based on this. The set of rules ensures that the data is put together and managed according to applicable provisions and standards.
Both measures together form the basis for the elimination of silos and the redesigning of the IT infrastructure and processes. This may be a tedious process, but it is still worth it. Because organization becomes more flexible and agile with the standardization of the data warehouse. And thanks to clearer interfaces, it is easier to work with external partners as well.