The Interplay Between the GDPR and the IDD
AbstractThe General Data Protection Regulation (GDPR) and the Insurance Distribution Directive (IDD) have radically transformed the EU data protection and insurance distribution laws, thus constituting the two main regulatory sources of disruption for the insurance industry. The new IDD obligations require the adoption and implementation of compliance measures, which affect both the internal and the external operations of distributors, and which in numerous cases involve and even require the collection and processing of personal data in order to be effective and achieve the intended goals. As such, compliance with the IDD provisions needs to be designed in a way that respects the applicable GDPR provisions and ensures abidance by the related data protection obligations. This chapter aims to highlight some characteristic examples of areas where the IDD obligations mingle with the GDPR provisions, both in terms of the internal organization and functioning of insurers and intermediaries (Sect. 2), as well as with regard to the relations between distributors and their customers, and between distributors themselves (Sect. 3), and to pose some of the key issues that should be taken into account when attempting to tackle the interplay of these two sets of rules.