Data protection

Data processing is key for insurers and consumers

Insurers recognise the importance of data protection, since data processing lies at the very heart of their business. Insurers process data to analyse the risks that individuals wish to cover, which allows them to tailor their products accordingly.

Data processing also plays an essential part in evaluating and paying policyholders’ claims and benefits, as well as in detecting and preventing fraud.

The comprehensive European data protection regulatory framework — the General Data Protection Regulation (GDPR) — became fully applicable on 25 May 2018. It introduces new requirements for insurers, provides enhanced rights for consumers, strengthens data authorities’ powers and establishes high upper limits for fines in cases of non-compliance.


The 2002 ePrivacy Directive is an important set of rules to help to protect privacy in the digital age.

In January 2017, the European Commission published a proposal to update the rules. However, there remain unanswered questions about essential aspects of the proposal, including its scope of application, its definitions and its inflexible legal bases, all of which could prevent insurers from meeting consumers’ needs and expectations.

Insurance Europe acknowledges the need for additional rules to protect the confidentiality of electronic communications, as they may reveal highly sensitive information about consumers. At the same time, any requirements imposed in addition to those already established by the GDPR should serve a specific, legitimate purpose, bring added value to consumers and establish clear rules that do not hamper innovation.

Search Data protection archive


William Vidonja

Head of conduct of business
+32 2 894 30 55

Danilo Gattullo

Senior policy advisor
+32 2 896 48 24