GDPR

GDPR

DATA PROTECTION

London Market Core Uses Information Notice

The LMA, with the IUA, LIIBA and BIBA, has published a London Insurance Market Core Uses Information Notice available below:

Click to download

The notice is not designed to cover all processing activities of a market participant (e.g. it does not cover marketing activities) and therefore should not be used as a template. Market participants may still need to draft their own information notice in order to describe their processing activities and obtain any necessary consents.This Core Uses Information Notice is designed to help data subjects understand how various insurance market participants process their personal data in respect of core activities through the insurance lifecycle.

The Core Uses Information Notice has two principal purposes:

  • First, it is designed to assist the market participant, or its client with the interface with the data subject, to describe how the data subject’s personal data may be disclosed and used by other market participants for core activities during the insurance lifecycle. It is envisaged that market participants link to the Core Uses Information Notice from their own information notices. We are discussing with LMG the hosting of the Notice on their website with further guidance on its use.
  • Secondly, it may be cross-referred in contractual documentation governing the receipt of such personal data when one market participant is relying on other market participants to provide notice or obtain consent on their behalf, for example in a TOBA or binding authority agreement. Market model agreements are under review.

The Notice includes a statement that it is necessary for the data subject to consent to certain processing of Special Category Personal Data (e.g. processing of health data where relevant) in order for the insurance market to function effectively. Despite potential difficulties with reliance on consent, it has been included in this Core Uses Information Notice as consent is, currently, the only ground that can be relied on for the processing of most Special Category Personal Data and criminal convictions data.

The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to data subjects in Articles 12, 13 and 14. These are more detailed and specific than in the Data Protection Act (1998) and place an emphasis on making information notices understandable and accessible.

The Information Commissioner’s Office (ICO) has published a revised Code of Practice on Privacy Notices, transparency and control (CoP) together with a checklist for privacy notices to help organisations to comply with the forthcoming UK Data Protection Act (the Bill is now in Parliament) and the requirements under the GDPR. The ICO recommends adopting a blended approach, using a number of different techniques in order to present information in a fair and transparent way, taking into account the audience, the available methods of communication and the complexity of the data processing.

The Core Uses Information Notice has taken into account the complexities of the insurance market, the GDPR requirements and the current guidance. It includes a ‘Data uses table’ at Appendix 1 to provide data subjects with transparency as to how their data may be used for core activities by each of the market participants in the insurance lifecycle. It should be noted that in order to be consumer friendly, it does not seek to explain all of the complex relationships in the Lloyd’s or London markets – rather it groups market participants into the broad categories of intermediaries, insurers and reinsurers.

The Core Uses Information Notice is a live working draft and will be reviewed at least quarterly. The UK Data Protection Bill, when enacted, may lead to changes in the Notice, as will further guidance from the ICO; we expect it to be further refined through market feedback and possibly through a consumer readability review.

As stated above, simply cross-referring to the Core Uses Information Notice may not guarantee GDPR compliance in relation to the matters covered in it; but widespread use will greatly assist in educating consumers consistently on how their personal data is used throughout the insurance lifecycle and thereby support each market participant’s own efforts to meet its obligations.

This Core Uses Information Notice is the result of significant work of the market associations and members participating on the LMA GDPR Focus Group; and also input from our panel of law firms: Clyde & Co, Norton Rose Fulbright and DAC Beachcroft.

Latest Content

Electronic placement goes live with Accident & Health

The board of PPL Ltd announced that the Accident & Health classes of business went live on the platform on Monday 16th April. To read the full press release, please click here

London Market creates permanent body to manage market services

The London Market Group announced today the launch of London Insurance Market Operations & Strategic Sourcing (LIMOSS) led by Managing Director, Patrick Molineux.

Read the full press release here

London Market announces new chair

The London Market Group (LMG) today announced the appointment of Andrew Horton, CEO of Beazley as its new Chair with effect from 4 May 2018. Read the full press release here

PPL TO APPOINT NEW CHAIR WITH ADOPTION THE KEY PRIORITY

Read the full press release here 

Response from chairman Nicolas Aubert to Brexit Transition Announcement

Read in full 

CLAIMS TRANSFORMATION PRIORITISED IN LM TOM

The London Market Group has announced that claims transformation will become a focus for the Target Operating Model (TOM) in 2018. Read more here

PPL Come of age with one of the largest transactions at Lloyd's

Read the full press release here 

Happy 1st Birthday @LIL

Today London Insurance Life turns 1 read more here

Structured Data Capture now live for all classes of business

Full Story

Keep in Touch

Get event updates sent to your inbox