Lisa

Data Protection Act 2018

Hi All,

I'm a new member so I hope I have posted this in the right place....

I spoke to the ICO a couple of times yesterday to clarify a few points regarding consent for sensitive personal data. During our discussion, the ICO lady referred to the Data Protection Act 2018 published on 24th May, specifically Schedule 1 - Part 2 - paragraph 20 (p139). This refers to processing of sensitive personal data for insurance purposes, with the lawful basis being "substantial public interest".

https://ico.org.uk/for-organisations/data-protection-act-2018/ 

 

I have interpreted this as we don't need consent and don't need to record anything for collecting health info and criminal offence data (there's another "insurance Extension" in Schedule 1, Part 3 (p146) referring to criminal offence data). Please correct me if I'm wrong. I'd love to know what you think!

 

Btw - the page numbers are the document page numbers, not the PDF page numbers.

Lisa 


Hi Lisa - thanks for the question

 

Looks like this has not gained much response!! Always a tricky area.

I'm no compliance advisor - so you will need to take better advice. However, as a minimum (DPA or GDPR) you have to prove you have a lawful basis - and that you have a process for those wishing to opt out - even if there are consequences given you are holding their Insurance.

And when you are no longer holding their (current) policy - then what? What is your documented process for removal of their data you no longer "need"? How can they access it? How can they port it elsewhere?

 

Maybe someone can give a more lucid / generic answer from the coalface - but you really need to take good advice from a good source.

 

Are you a network member and / or do you have a compliance point of reference (other than ICO)?


Hi Mark,

 

Thanks for your reply. Everyone must be busy reading hundreds of pages of legislation! 

 

We’re just finalising our procedures now. Good advice has been hard to find. Even the data privacy lawyers are reluctant. I have documented the phone call with the ICO so if we’re doing something wrong we can say they told us to (that was the compliance consultant’s advice). 

 

Thanks,

 

Lisa
