Insurance EuropeInsurance Europe
Insurers highlight challenges of applying GDPR

Insurance Europe has responded to questionnaires from the European Commission on insurers’ experiences and concerns about the application of the General Data Protection Regulation (GDPR).

The questionnaires were circulated in follow-up to the Commission’s GDPR multi-stakeholder expert group meetings. The responses to the questionnaires will be the basis of the stocktaking report on the application of the GDPR that the Commission will publish in June 2019.

Insurance Europe welcomed the opportunity to contribute to the stocktaking exercise and highlighted the importance of continuing to allow insurers to provide feedback on the application of GDPR to guarantee the best outcome possible for consumers and industry in the GDPR review expected in 2020.

Insurance Europe raised concerns about the difficulty in updating IT systems to ensure compliance (eg, privacy by design and by default, automated deletion of data when data retention periods are met) and the difficulties in classifying suppliers as either controllers or processors, the difficulties in adapting processor agreements, and allocating liability between the controller and the processor.

Importantly, Insurance Europe raised concerns on the impact that certain GDPR provisions can have on the use of innovative technologies in the sector. It also reported that the variety of legal bases across member states for processing health data in insurance creates difficulties for insurers that conduct their business in multiple member states.

Published 11 April 2019