Context
The FCA and the ICO have issued a joint statement on regulatory expectations regarding firms’ approaches to vulnerability-related data. The statement aims to help firms understand and apply the FCA’s expectations for delivering good outcomes for retail consumers in vulnerable circumstances, in line with the Consumer Duty, while also maintaining confidence in the lawful, fair and responsible use of personal information in line with the ICO’s expectations.
Key points to note and next actions
The statement sets out FCA expectations, data protection considerations, and examples in relation to:
- Supporting consumers in vulnerable circumstances (including data protection principles, lawful bases, special category data, data protection impact assessments (DPIAs), and automated decision making and profiling.
- Sharing data across distribution chains.
- Monitoring customer outcomes.