Latest Information from LifeQuote about GDPR
General Data Protection Review (GDPR) legislation was introduced on 25th May 2018 and replaced previous Data Protection requirements.
Please see below for updates from LifeQuote.
Please see below for updates from LifeQuote.
GDPR – The Final Update
As the GDPR deadline arrives this week, I want to provide a final update and also a brief summary for you.
Our apply journeys have been updated for some time and, whilst we’d recommend the speed and convenience of using LifeQuote to apply online, for those few paper applications received we will ask you to confirm you have obtained consent when submitting any form of paper application to us – an updated cover sheet is available from your Case Manager and will shortly be on the LifeQuote portal.
We’re updating our LifeQuote password functionality, as confirmed in a recent separate email, and we will roll this out over the next few weeks. This will make the LifeQuote portal easier to use and improve password robustness for you.
Our due diligence pack as proven very popular in providing the required outsourcing assurances for you and please let me know if you still need a copy.
To summarise, we have made these changes to ensure we are ready for the GDPR deadline:
We have kept you up to date on progress and actions and if you do have any questions, please let me know.
And remember we are here to help with any future questions or queries, particularly from customers about their rights (as per LifeQuote Update 6) by using the email compliance@lifequote.co.uk.
Ryan Mustchin, Head of Compliance and Agency
In the meantime if you require more information, please use the sources below or alternatively contact us at:
Ryan Mustchin, Head of Compliance and Agency, ryan.mustchin@lifequote.co.uk
Nathan Wehrly, GDPR Support, nathan.wehrly@lifequote.co.uk
In this update, I’ll explain what to do if you, as the data controller, receive customer requests or enquiries under the new legislation and how LifeQuote will work with you to complete them together with some reminders as the GDPR deadline approaches.
As you know, our privacy notice has been updated and is in place. This makes it clear how we are handling your customers’ data and is a good starting point for any enquiries. Customer rights are enhanced under GDPR and include the following:
Access – Customers can access all data held about them which will need to be supplied within 30 days from the request, free of charge – we will summarise all data pertaining to the customer and liaise with you to provide this to them as required.
Rectification – Customers can have inaccurate personal data rectified, or completed if it is incomplete – much like the current process if a customer informs you of a change to their personal data. You will simply need to inform us so we can update our records and pass this information to the relevant insurer.
Erasure – A right for customers to have their personal data erased, which is commonly known as the ‘right to be forgotten’. If an application has been made we will have a legal requirement to keep the data under our agreed retention period for the establishment, exercise or defence of potential legal claims. We have some wording to help manage such requests.
Restriction – Customers have the right to restrict the processing of their personal data in certain circumstances. This means that an individual can limit the way that an organisation uses their data. This is an alternative to requesting the erasure of their data – if a customer requests their data to be restricted we will immediately cease the processing of this data and inform the insurer of the customer’s request. Restriction will involve still holding the data on our systems but with notes to confirm that the processing has been restricted.
Objection – Individuals have the right to object to the processing of their data. Our legal basis for processing the data is to fulfill a contract (on your behalf) but again we will immediately cease the processing of this data and inform the insurer of the customer’s request. This will involve us holding the data on our systems but with notes to say the customer has withdrawn consent.
Data Portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. We will liaise with advisers and insurers in such circumstances.
Quote simply, all you need to do is let us know at compliance@directlife.co.uk when you get a request and we’ll work together to complete it and ensure this dovetails with how you are handling requests for the data you also hold. We will contact you if we receive any sort of Data Protection related request from your customer and in the unlikely event of any data breach, we will contact you immediately and liaise on the appropriate action.
As per previous updates, contractual changes are nearing completion. The majority are via a variation clause in our agreement which means there is no need to sign anything and we’ll simply confirm the required clause changes to meet the new legislation. If a formal contract change is needed for any reason, we’ll have been in touch.
Our proposed LifeQuote log in/password changes will also be confirmed shortly; these will make the system easier to use, enable you to choose your own password and make the passwords more robust.
Finally, our due diligence pack has proved very popular and useful in ensuring evidence of appropriate oversight and if you do want a copy, please let me know.
Ryan Mustchin, Head of Compliance and Agency
In the meantime if you require more information, please use the sources below or alternatively contact us at:
ICO – GDPR 12 steps
ICO Blogs
For any enquiries, please contact Ryan Mustchin, Head of Compliance and Agency via ryan.mustchin@lifequote.co.uk or Nathan Wehrly, GDPR Support via nathan.wehrly@lifequote.co.uk.
01243 791039