The bad news first: Insurers are required by no later than 25 May 2018 to provide their customers with more extensive information than before about the transfer of their data, even in the case of credit inquiries and as early as the application process. We recommend a one-page information sheet or – if contracts are processed digitally – a link to the required information. The same applies to the use of the Hinweis- und Informationssystem für die Versicherungswirtschaft (HIS – Reference and Information System for the Insurance Industry).
The EU GDPR therefore results in a significant expansion of insurers’ duty to provide information. Along with our subsidiaries, we worked with the German Insurance Association (GDV) to develop forms for the use both of credit rating information and the HIS. Contact us to ensure you are prepared in time!
All in all, the effects of the EU General Data Protection Regulation will not be as serious as commonly assumed. There is no reason to vilify it. Of course, the duty placed on insurers to provide additional information will initially require considerable time and expense. In purely legal terms, however, the GDPR will not rule out certain processes. That means services involving credit checks, scoring and the use of the HIS will continue to be possible. The General Data Protection Regulation also does not place any limits on these activities.
More room to implement new processes thanks to clear rules of GDPR
In short, the general legal parameters for credit checks and registration remain nearly identical. Either a legitimate interest and the weighing of interests or consent had also been required for this purpose up to this point. Nothing is changing in this regard, even though the new Federal Data Protection Act no longer includes a separate provision explicitly governing cooperation with credit reporting agencies. The new GDPR also contains provisions regarding the subject of scoring, which again largely correspond with the old Federal Data Protection Act. Consequently, scoring is still permitted provided this is required for the execution or performance of a contract.
The introduction of the GDPR could provide one advantage: harmonization of the data protection rules across Europe. After a careful analysis of systems similar to the HIS in Europe, we know that in many countries the quantity and extent of data that can be stored is much greater. This is subsequently available for insurers to use in any number of scenarios. The entry of the GDPR into force could give rise to the opportunity for these regulations to be applied in Germany as well.
Thanks to the clear and uniform rules the EU GDPR puts into place for all companies in Europe, insurers in Germany will have greater clarity in the future and, in some cases, even more room to implement new processes.
Read our White Paper to find out what you need to know about the EU GDPR.