The General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998 from 25 May 2018.
It brings quite a few new requirements, including the requirement for data controllers to inform consumers what personal data they collect, the intended purpose for processing the personal data and also the lawful basis for the processing. Businesses and organisations that process special categories of data, for example health data, need to identify both a lawful basis for processing and a special category condition for processing.
This can cause some difficulties for the insurance industry, especially the Lloyd’s and London Market due to multiple data controllers who share personal data between each other.
The Lloyd’s Market Association has drafted a “core uses information notice” which is designed to inform consumers of the nature of the market and how their personal data may be processed. This document explains the background and provides information on how the notice should be used by insurance market participants.
Further details can be found here.