Skip to content

FINEOS will support the new General Data Protection Regulation (GDPR)

New ‘Right to be Forgotten’ feature in Version 8.9

FINEOS Corporation, the market-leading provider of core systems for Life, Accident and Health insurance, announced today that FINEOS Version 8.9 will support insurers in meeting their obligations under the new General Data Protection Regulation (GDPR). The GDPR, which takes effect on 25 May 2018, provides a single data protection framework for all institutions processing data in the European Union. There are significant sanctions for non-compliance including fines of up to €20 million or 4% of the worldwide annual revenue, whichever is higher.

Insurers are subject to varying levels of regulation depending on location and size and FINEOS already supports compliance in accordance with local, national and federal regulations. The new EU regulation imposes a stricter set of data privacy and security measures across a range of areas. One of the most challenging to operationalize is the new ‘Right to Erasure’ or ‘Right to be Forgotten’ provision which gives individuals the right to have all personal information deleted if the data is no longer necessary for the purpose for which it was originally collected. For insurers, this means maintaining a comprehensive view of all data belonging to an individual as well as the data location and purpose. They will also need to show whether individuals have given or revoked their consent to process and keep data and respond promptly to requests from individuals to see what information the organization is holding on them.

FINEOS Version 8.9 helps solve the ‘Right to be Forgotten’ requirement with a new feature that provides insurers with the ability to identify those persons and case records where the data is no longer needed for the reason for which it was originally collected.  Once identified, FINEOS will remove all personally identifiable information belonging to the individual including documents, forms, notes and any protected health information. Reports are provided prior to any actual changes to allow the user to prevent removal of a case or person record. The results of the process are also recorded, ensuring the insurer can prove when the data was erased.

According to Michael Kelly, CEO, FINEOS, “At FINEOS, we understand the challenges facing insurers in managing and protecting sensitive customer information and that understanding has informed the design of our architecture at all levels. In addition, the inherent flexibility of the FINEOS product means that our customers are well positioned to deal with the challenges presented by GDPR and other future regulatory, business, product, and structural changes”.