Link(s): New CII vulnerability guidance helps firms navigate Consumer Duty and UK GDPR; coh_j4041-data-privacy-customers-in-vulnerable-circumstances-guide-c3.pdf
Context
The CII has published new guidance to support insurance and personal finance firms in managing data relating to customers in vulnerable circumstances. The Data Privacy for Customers in Vulnerable Circumstances guide clarifies in practical terms how customer vulnerability-related data can be managed in compliance with UK data protection requirements and the Consumer Duty.
Key points to note and next actions
- Developed for compliance officers, data protection specialists and operations managers, the guide is intended to act as a practical foundation for embedding effective vulnerability data management across the sector.
- By clarifying how firms can collect, store and use vulnerability-related information responsibly, the CII aims to support a more consistent, confident and customer-centred approach across insurance and personal finance.
- The article introducing the new guidance sets out the CII’s view that there are three distinct and interconnected purposes for processing vulnerability data. Firstly, to provide appropriate support and to prevent harm. Secondly, to meet reporting requirements. Thirdly, to drive product and service improvements.
- The guidance has been developed to address the perceived risk of infringing data protection law as a result of processing vulnerability-related data.
- The guidance builds on joint communications from the FCA and ICO, which clarify that UK data protection laws and the requirement for processing vulnerability-related data are not in conflict.
- The guidance itself is detailed, and is split into four sections:
  - Context and Principles
  - Vulnerability data requirements
  - Establishing policies
  - Operational data management
