pr SUBSCRIBE
pr SUBSCRIBE

CII launches new guide on handling vulnerable customers' data

The guide examines how to manage data relating to customers in vulnerable circumstances in compliance with the FCA's Consumer Duty.

Related topics:  CII,  Guides
Lucy Whalen | Editorial Assistant, Protection Reporter
19th June 2026
Data analysis
"Too often, data protection is used as an excuse not to do the right thing."
- Matthew Hill - Chartered Insurance Institute (CII)

The Chartered Insurance Institute (CII) has launched the Data Privacy for Customers in Vulnerable Circumstances guide, aimed at supporting insurance and personal finance firms that manage data relating to customers in vulnerable circumstances.

The guide, launched at an event in London earlier this week, looks at how customers' vulnerability-related data can be managed in a way that complies with both UK data protection requirements and the FCA’s Consumer Duty. 

The CII says that there are three distinct and interconnected purposes for processing vulnerability data: providing appropriate support and preventing harm, meeting reporting requirements, and driving product and service improvements.

The guidance is designed to address cases where organisations can be hesitant to process vulnerability-related data due to concerns about infringing data protection law. The guide builds on joint communications from the FCA and ICO, which clarify that UK data protection laws and the requirement for processing vulnerability-related data are not in conflict.

The CII says that the guide, which was developed for compliance officers, data protection specialists, and operations managers, is intended to act as a practical foundation for embedding effective vulnerability data management across the sector.

READ MORE: Perci Health urges employers to combat cancer misinformation

"Too often, data protection is used as an excuse not to do the right thing. Our new guidance should give insurance professionals the confidence to make data work for better consumer outcomes," Matthew Hill, chief executive at the CII, said.

"We live in a world where health and support needs are increasingly openly discussed, as reflected in expanding regulatory expectations, meaning firms have to be laser focused on supporting customers who find themselves in vulnerable circumstances," Robert Bell, co-author of the guide and director at RB Compliance Consultancy, added.

"It is also important to use this data to amend the product design as part of the expectations of the Consumer Duty," Robert added. "However, none of this is possible without data, and this is where many organisations believe they run into a barrier - UK GDPR.

"The CII identified this problem and the need to form a clear set of standards to guide firms through recording vulnerability data whilst maintaining compliance with UK GDPR. It has been a pleasure to be involved in creating this important guidance document, which I hope proves useful for the industry."

More like this
Latest from Financial Reporter
Latest from Property Reporter
www.barcadiamedia.co.uk
Advice for Readers

While this website is checked for accuracy, Barcadia Media Limited are not liable for any incorrect information included. We recommend that you make enquiries based on your own circumstances.

Useful Links
Protection Reporter and protectionreporter.co.uk are trading styles of Barcadia Media Limited. Barcadia Media Limited is registered in England & Wales No. 6970806 Registered address.
Barcadia Media Ltd, 14 Edward Street, Blackpool, Lancashire , FY1 1BA. Data Protection Notification No: Z162 1548.
CLOSE
Subscribe
to our newsletter

Join a community of over 8,000 intermediaries and keep up-to-date with industry news and upcoming events via our newsletter.