Insurance Europe Published Guidance On Insurer's Obligations Under The GDPR

AC
Arthur Cox

Contributor

Arthur Cox is one of Ireland’s leading law firms. For almost 100 years, we have been at the forefront of developments in the legal profession in Ireland. Our practice encompasses all aspects of corporate and business law. The firm has offices in Dublin, Belfast, London, New York and Silicon Valley.
On 16 May, Insurance Europe published an overview of insurers' main obligations under the General Data Protection Regulation (GDPR).
European Union Insurance

On 16 May, Insurance Europe published an overview of insurers' main obligations under the General Data Protection Regulation (GDPR). Under the GDPR, when insurers process personal data in a situation in which they determine the means and purposes for which the data is processed, they become data controllers and need to comply with several obligations.

Firstly, there is an obligation on insurers to keep consumers informed by providing them with certain information, such as who is processing their data and for what purpose. When this processing of data entails a high risk to an individual's rights and freedoms, insurers are obliged to assess the risks and take measures to mitigate the risks before processing the data. Under the GDPR, if an insurer's core activities involve regularly monitoring individuals or the processing of special categories of data, such as health data, it must appoint a Data Protection Officer (DPO). The DPO is responsible for advising the insurer and will also cooperate with the supervisory authority to ensure compliance with the GDPR. Notification requirements also feature, with an obligation on insurers’ to notify their supervisory authority within 72 hours of detecting a data breach.

Overall, insurers will be responsible for demonstrating their compliance and ensuring insurance consumers can effectively exercise their rights under the GDPR.

An overview of insurers’ main obligations is here.

This article contains a general summary of developments and is not a complete or definitive statement of the law. Specific legal advice should be obtained where appropriate.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More