LifeQuote’s GDPR policy will involve holding advisers’ electronic data and physical documents for the time being and as it records all calls, these will be retained under the same policy.
For quotation only but no application, data will be held for 365 days. If an application is made but no policy was completed, data will be held for six years, or longer if requested by the regulator.
This allows for data analysis, for monitoring, compliance and to support an application and any subsequent enquiries.
Neil McCarthy, sales and marketing director, LifeQuote, said: “We have already completed a process to ensure our current data storage policies comply with the GDPR.
“This involved destroying and anonymising some historic records as we have always had strict data storage provisions meaning we retained almost all information in order to support advisers or insurers in the future.
“Our already stringent security protocols will remain unchanged. For this reason we also anticipate that some advisers may prefer to outsource their protection administration in order to reduce their GDPR and other data compliance risks.”
When the policy is in force data will be held for 50 years from the date it went on risk. This allows for any future checks relating to queries or claims.
The GDPR policy also includes separate controls for the handling of sensitive, personal and normal data.
Timescales have been chosen to ensure that advisers meet their GDPR, regulatory and legal obligations. LifeQuote will review the policy annually with the first review being June 2018.
In addition LifeQuote has a 41 page due diligence document for advisers, to evidence their procedures and suitability as an outsource partner.