The Lloyd’s Market Association has provided a co-ordinated industry response to the Information Commissioner’s Office (ICO) on its guidance as to how entities should obtain express consent from policyholders and beneficiaries of insurance cover for the purposes of processing sensitive personal data.
The General Data Protection Regulation comes into effect on 25 May 2018. It will introduce additional requirements for UK businesses, including those relating to consent, and will lead to specific issues for the insurance market. It is essential that the market is clear on how these rules will affect its business.
Many insurance products rely on personal data being provided at both the underwriting and claims stages. For health or travel insurance some of this data is naturally sensitive. The concern for the industry is that the ICO needs to recognise that the provision of sensitive data is essential if a policyholder wants insurance protection and claims to be paid. Whilst the healthcare sector has a specific ground under the General Data Protection Regulation for processing sensitive personal data, the insurance industry has no such ground. The insurance industry’s position is that either the ICO’s guidance must clearly acknowledge and allow consent for the processing of data in connection with the provision of insurance services, or the industry needs a dedicated ground for processing such data.
The LMA, ABI, IUA, BIBA, LIIBA and BIPAR have provided a joint response to the ICO and have asked the Department of Culture Media and Sport (the ICO’s sponsoring department within government) to consider a new dedicated processing ground for the insurance industry.