Back to All Events

Data privacy for customers in vulnerable circumstances

Many firms question whether they can record and share data about vulnerable customers without falling foul of GDPR. The joint FCA/ICO statement of March 2026 made clear that data protection law is not a barrier but an enabler.

Drawing on the CII's recent practical guide to GDPR and data privacy, three of the guide’s co-authors – Andrew Gething of MorganAsh, Robert Bell, and Vanessa Riboloni of the CII – move the conversation from “are we allowed?” to “how can we do this well?”.

Overview

  • Introduction: customer vulnerability data requirements

  • Proactive and reactive data collection

  • Data accuracy – inferred data, objectivity and consistency

  • Why explicit consent is the preferred lawful basis

  • When explicit consent is not practical – scenario matrix

  • Data minimisation – what to store and at what level

  • Deletion, retention and subject access requests

  • Sharing data within and between firms – tiered access


Robert Bell

Robert Bell

Founder of RB Compliance Consultancy. FCA and UK GDPR compliance expert and author of A Practical Guide to the FCA's Consumer Duty. Co-author of the CII guide, Data privacy for customers in vulnerable circumstances


Andrew Gething

Andrew Gething

Founder and managing director of MorganAsh, a leading provider of digital vulnerability management and medical underwriting services. Recognised expert in consumer vulnerability and creator of the MorganAsh Resilience System (MARS). Co-author of the CII guide, Data privacy for customers in vulnerable circumstances.


Vanessa Riboloni

Vanessa Riboloni

Head of research and insight at the Chartered Insurance Institute, where she leads initiatives to support the development of professional standards, good practice and advocacy across the insurance and financial planning sectors. Co-author of the CII's Managing customer vulnerability in insurance and personal finance: A practical implementation guide – released in November last year and now established as the blueprint for vulnerability management across multiple sectors – as well as the data privacy guide we discus on this webinar.


Next webinar

In our next webinar, we look at how proactively supporting vulnerable customers can drive real commercial value beyond regulatory compliance. We explore how embedding vulnerability into business strategy strengthens customer relationships, improves outcomes, and reduces complaints and inefficiencies, while using data and inclusive design to enhance decision-making, brand reputation, and long-term performance.

Next
Next
20 August

The business benefits of managing vulnerable customers