Process automation and the audit trail indemnify insurance companies from GDPR data breaches


In light of the GDPR guidelines, it’s now more critical than ever for companies to protect their customers’ data. Private data is no longer to be shared freely within organizations, and companies are no longer permitted to collect whatever kind of data is available. Instead, they should keep their data collection to a bare minimum.

These new guidelines can be especially challenging for the claims process of insurance companies, as part of investigating the legitimacy of a claim is to collect as much data as possible. Additionally, some cases require the sharing of data between different departments within the organization and sometimes even with other organizations.

Failing to comply with GDPR poses a significant risk for insurance companies. Fines of up to 20 million euro or 4% of an insurance company’s annual worldwide income – whichever is higher – are the consequence of compliance failure. That same fine can also be imposed when companies fail to report data breaches to the authorities. On top of that, companies are only given 72 hours to report a data breach. So, as you can see, it’s vital for insurance companies to acquire the right tools to comply with GDPR.

Process automation anonymizes the claims process

One of the tools insurance companies can deploy, specifically in the claims process, is process automation. When an insurance company automates the claims process and especially the assessments and investigations of claims, they’re better equipped to comply with the GDPR laws.

The GDPR act favors the anonymization of personal information in data processing. When an insurance company anonymizes its data processing, it reduces its risk and complies with the GDPR act. If a company can prove that the true identity of an individual can’t be found out from their anonymized information, that data no longer has to be stored under the other privacy measures GDPR prescribes.

Process automation is a tool that helps insurance companies to anonymize their data. The picture below depicts how that works. The questions on the left side of the image are all anonymously and automatically processed. Moving on to the question ‘Who did it’ is only possible when the system identifies an auditable suspicion of insurance fraud. At that point, an authorized special investigator will get involved to investigate the case further and is allowed to access the private data of the involved customer. For all other customers, private data is shielded from being viewed by anyone within the organization, and the system automatically processes their claims.

[Image: W7 privacy]

The audit trail as a protection measure in special investigations

When the claims process is automated, an audit trail is also automatically created and maintained throughout the entire process. If an alert is generated because a particular claim seems suspicious to the system, every action of the special investigator is registered in the audit trail. Keeping an audit trail is essential for the overall accountability of the results of an investigation and is also required by the GDPR regulation.

PwC identifies meeting the 72-hour deadline to report a data breach to the authorities as one of the most challenging duties for insurance companies, as it means they need to have processes in place and they have to know exactly where their data is. With an automatically created audit trail, meeting that 72-hour deadline becomes a lot less challenging.

To create the audit trail, seven questions need to be answered from the perspective of the researcher or the case. Those questions are:

  • What was done to get to the reasoning behind the case?
  • Weight of the sanctioning measures?
  • When was the research done?
  • Where do the facts used in the case come from?
  • Who was involved in the investigation?
  • With what (tools?) has the investigation been conducted or completed?
  • Why does it explain the probable cause?

The audit trail helps insurance companies defend their case against the authorities if they’re asked to clarify why the personal data of a customer was accessed. A report is automatically created, and thus the audit trail is easy to share with the authorities, making the 72-hour deadline far less of a challenge.
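The gated access and the audit trail described above can be sketched as follows. This is an added example, not BusinessForensics code: the class, the method names, and the mapping of the seven questions to record fields are assumptions, and the sample claim is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed field names for the seven questions listed above.
W7_FIELDS = ("what", "weight", "when", "where", "who", "with_what", "why")

@dataclass
class ClaimStore:
    claims: dict         # claim_id -> {"facts": {...}, "pii": {...}}
    investigators: set   # users authorized as special investigators
    alerts: set = field(default_factory=set)   # claims with an auditable suspicion
    trail: list = field(default_factory=list)  # append-only audit trail

    def facts(self, claim_id):
        """Anonymous view for automated processing: never includes personal data."""
        return dict(self.claims[claim_id]["facts"])

    def open_identity(self, claim_id, user, why, tool="case-viewer", weight="none yet"):
        """Answer 'Who did it': only for an authorized investigator on an alerted claim."""
        allowed = user in self.investigators and claim_id in self.alerts
        # Record the attempt before deciding, so denied attempts are auditable too.
        self.trail.append({
            "claim": claim_id,
            "what": "identity access " + ("granted" if allowed else "denied"),
            "weight": weight,
            "when": datetime.now(timezone.utc).isoformat(),
            "where": "claims store",
            "who": user,
            "with_what": tool,
            "why": why,
        })
        if not allowed:
            raise PermissionError(f"{user} may not view personal data of {claim_id}")
        return dict(self.claims[claim_id]["pii"])

    def report(self, claim_id):
        """Audit entries for one claim, ready to hand over on request."""
        return [e for e in self.trail if e["claim"] == claim_id]

# Constructed sample data, not a real claim.
store = ClaimStore(
    claims={"C-1": {"facts": {"amount": 900, "type": "theft"},
                    "pii": {"name": "Sample Person"}}},
    investigators={"inv-01"},
)
```

Until an alert is added for C-1, `store.open_identity("C-1", "inv-01", ...)` raises `PermissionError` and still leaves a "denied" entry in `store.report("C-1")`.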

Even without GDPR, insurance fraud remains a challenging issue for insurance companies. In our white paper “Eliminate insurance fraud and save up to 10% in paid out damages by standardizing the investigations process” we explain our W7 Standard and how automation of the claims process helps insurance companies to detect and prove insurance fraud faster and easier. Interested in reading more? Get free access to our white paper here.



Tames Rietdijk

Tames Rietdijk is the CEO of BusinessForensics. His area of expertise lies with Product management, Forensic investigations and Data analytics. His work is focused on improving market mechanisms and operational efficiencies to increase value for his customers.