The Chartered Insurance Institute has published a new guide – Data Privacy for Customers in Vulnerable Circumstances – to help insurers manage the data they hold on vulnerable customers and remain compliant with UK data protection requirements and the Financial Conduct Authority’s Consumer Duty.

The CII believes that organisations can be hesitant to process vulnerability-related data because they fear they will fall foul of data protection law. The guide was developed with input from the FCA and the Information Commissioner’s Office to show there is no conflict between UK data protection laws and the requirement for processing vulnerability-related data.

Matthew Hill, chief executive of the CII, said: “Too often data protection is used as an excuse not to do the right thing. Our new guidance should give insurance professionals the confidence to make data work for better consumer outcomes.”

Robert Bell, co-author of the guide and director at RB Compliance Consultancy, added: “We live in a world where health and support needs are increasingly openly discussed, as reflected in expanding regulatory expectations meaning firms have to be laser focused on supporting customers who find themselves in vulnerable circumstances. It is also important to use this data to amend the product design as part of the expectations of the Consumer Duty. However, none of this is possible without data and this is where many organisations believe they run into a barrier – UK GDPR.

“The CII identified this problem and the need to form a clear set of standards to guide firms through recording vulnerability data whilst maintaining compliance with UK GDPR. It has been a pleasure to be involved in creating this important guidance document which I hope proves useful for the industry.”