The Chartered Insurance Institute (CII) is publishing guidance on managing customer vulnerability while remaining GDPR compliant to help promote data sharing across the industry.
The body noted there were “widespread misconceptions about GDPR compliance, with many firms displaying excessive caution” around customer vulnerability data.
It highlighted that explicit consent is not always required to share vulnerability data and that legitimate interest and substantial public interest tests can apply to vulnerability data management aimed at improving customer outcomes.
Four actions
The CII added it is aiming to take a lead in helping the sector better support data sharing of vulnerable customers.
As part of its role the CII has outlined four key acts to help shift the industry from compliance-focused approaches to outcome-driven data sharing.
It said it recognised the need for common standards and an ecosystem that promotes sharing data to create customer value.
It intends to:
- Lead stakeholder collaboration by convening a cross-sector working group including consumers to co-develop solutions for some of the challenges identified. A key focus will be on the creation of a common vulnerability taxonomy
- Enhance professional standards by integrating vulnerability content within CII qualifications and Continuing Professional Development (CPD).
- Publish vulnerability management and GDPR guidance which is to launch soon. The CII is developing good practice guidance on how to manage vulnerability and measure outcomes to meet regulatory requirements, as well as guidance on managing vulnerability data while remaining GDPR compliant
- Conduct lived experience research by gathering insights from individuals who have lived experience of vulnerability, to inform the development of its guidance, shape case studies, and help craft compelling narratives that clearly illustrate the benefits derived from better managing vulnerability
CII Group CEO Matthew Hill said: “Sharing vulnerability data across firms has the potential to improve substantially the experience of customers in vulnerable circumstances.
“We’re making this report available in an effort to drive the vulnerability conversation forward and implement action that meets regulatory requirements and customer needs.”
