Chapter 16 mentions that a company ceasing to write business may opt to sell its renewal rights as "the details of the policyholders is valuable". Wouldn't such a sale be a blatant infringement of GDPR?
GDPR stipulates that you should only hold data that is absolutely necessary. Well, if you have the renewal rights for a group of policies, that data is indeed necessary. You have to be able to contact policyholders to tell them that policy is due for renewal, and you have to calculate the renewal premiums. So on this occasion, I don't think it would be contravene the regulation.
Next time you buy an insurance policy, take a read of the company's privacy policy (rather than just ticking the box). That'll give you a clue as to how they company would justify the use of your data.
