Commercial Risk Europe: Munich Re readies GDPR compliance tool as experts warn many firms not ready for new rules

04 January 2018

Help is at hand for businesses struggling to be ready for the EU’s General Data Protection Regulation (GDPR), which comes into force in May 2018. Munich Re is putting the finishing touches to a tool it says will help companies understand how their business stores and uses personal data.

Under the GDPR rules, companies that collect personal information must be able to identify where data is kept so it can be protected and removed when needed. Companies that fail in this task could face heavy fines.

But a growing array of experts are concerned that many organisations are not ready for the GDPR.

Fewer than half of firms (45%) currently have a compliance plan in place to meet GDPR requirements, according to a recent survey by SAS.

It therefore seems that the help on hand from Munich Re is greatly needed.

The reinsurer originally developed a GDPR tool for its own use. It was used to prepare Munich Re’s 16,000-page GDPR submission in advance of the May deadline.

“Munich Re has over 500 processes internally where it has to document privately-held data, and more than a few hundred service providers that it has to evaluate and classify according to the new rules,” Christof Reinert, head of Munich Re’s recently formed Risk Management Partners, explained to CRE.

“Small, mid-sized companies (including insurers) can have even more service providers, adding to the complexity. Compliance can be expensive because it requires considerable resources, internally as well as outsourced,” he added.

Recognising the potential demand from insurance and non-insurance companies for guidance on how to manage GDPR compliance, Munich Re moved to develop the GDPR tool for its own clients to purchase.

Outsourcing the job to professional services corporations is an expensive option, said Lishen Lutchmiah, Munich Re’s GDPR tool project lead. He said Munich Re’s solution allows 95% of the compliance work to be carried out by company employees who do not have legal expertise.

“We’ve developed a simple dialogue system to help data protection officers understand what data is being held, where it is being processed, who the process owner is and how the data is being stored and protected,” Mr Lutchmiah explained.

“Using the dashboard, it is possible to classify critical data and perform gap analysis,” he added. “In addition, the tool collates all the data that is required to fulfil GDPR requirements and automatically generates ready-to-sign records, agreements and other documentation needed for audits and the regulator.”

Mr Reinert said the product is currently being trialled by two customers and that more pilot customers will be added before a final “fit for purpose” version is made available for sale in March.

Full article on Commercial Risk (subscription required)


© Commercial Risk Europe