The Regulation on Collection, Storage and Transfer of Insurance Data (“Regulation”) has been published in the Official Gazette dated 18.10.2022 and numbered 31987.
With the Regulation, processing activities regarding insurance data such as obtaining, storing and using insurance data from private legal entities, public institutions and organizations, public professional organizations and their superior organizations and information centers; and the procedures and principles regarding the transfer of these data to insurance companies, reinsurance companies and pension companies engaged in insurance activities and other persons and organizations to be determined by the Insurance and Private Pension Regulation and Supervision Agency (“Agency”) have been regulated.
Insurance data has been defined in Article 4 of the Regulation. According to this definition, insurance data are all data which are the basis for risk assessment, including data on insurance agreements, the insurant and insurance companies that are parties to the insurance agreement, the insured, beneficiaries and other third parties who directly or indirectly benefit from the insurance agreement, and insurance malpractices.
Pursuant to the Regulation, insurance data shall be collected by the Insurance Information and Monitoring Center (“Center“) from entities such as private legal entities, public institutions and organizations, and public professional organizations and these data shall be kept in a general database.
Insurance data may be shared by the Center with member institutions namely insurance, reinsurance and pension companies. Data transfer with other institutions, organizations and data centers shall be carried out through protocols signed by the Center based on the approval of the Agency.
According to Article 11 of the Regulation, data regarding insurance malpractices shall be made accessible to member institutions, specialty institutions and other relevant persons and institutions determined by the Agency and shall not be shared with persons other than these unless explicitly provided in lex specialis.
In Article 15 of the Regulation, purposes for the use of insurance data are listed as numerus clauses. Accordingly, these purposes are as follows:
- To contribute to public oversight, supervision, and economic security in the insurance sector and to the planning of health services financing.
- To follow insurance practices and ensure unity of practice in insurance branches.
- To follow up on compulsory insurances.
- To Contribute to the prevention of insurance malpractices.
- To carry out activities to increase insurance coverage rates.
- To ensure the production of reliable statistics on the insurance sector.
- To calculate the insurance score.
The Center’s activities regarding insurance data are defined in the Regulation as data maturity measurement, reporting, information, testing the suitability of technical infrastructure, and other activities.
The Regulation imposes certain responsibilities on member institutions, such as providing accurate, complete, timely, and consistent information on insurance data upon request by the Center and establishing the necessary infrastructure for healthy data sharing with the Center.
Finally, data subjects shall be entitled to request information from the Center on their own data included in the general database, except for data on insurance malpractices.
You can access the full Turkish text of the Regulation from the link below.