Austria: DSB approves GDPR code of conduct for insurance sector
The Austrian Chamber of Commerce ('WKO') announced, on 3 December 2021, that the Austrian data protection authority ('DSB') had approved a code of conduct on the application of the Federal Act on the Protection of Individuals With Regard to the Processing of Personal Data (Data Protection Act (DSG) BGBI. I No. 165/1999) ('DSG') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') to the insurance sector. In particular, the WKO highlighted that the code of conduct, which was drafted by the Association of Insurance Brokers and Consultants in Insurance Matters, in cooperation with representatives of the industry and the Federal Department of Information and Consulting of the WKO, aims to provide legal certainty for insurance brokers and consultants on specifics of the individual processing areas of the industry, alongside the application of the GDPR and its implementation provisions in the DSG.
Specifically, the WKO highlighted that the code of conduct provides for rules including the legal bases under which insurance brokers can process personal and sensitive personal data in accordance with the GDPR, whilst also clarifying that an insurance broker is a data controller, who acts independently in the interests of the customer and is not subject to any data protection instructions from an insurance company.