Mortalityrating and GDPR

Previously our service processed a simple file format that included postcode, gender and date of birth alongside pension amount and commencement date for individuals in an occupational pension scheme. This combination of attributes when taken together is often capable of identifying "natural persons" in the language of the upcoming EU General Data Protection Regulation (GDPR). Some might choose to mitigate risk by deleting scheme data as soon as ratings complete. However, an alternative approach would be to perform ratings without requiring a combination of attributes that may be personally identifiable. How could such a thing be acheved?

An important observation is that a postcode does not, in and of itself, contain any personal data about an individual, and various statistics about existing postcodes are freely available in the UK. We therefore created a facility whereby a list of postcodes could be uploaded without any context and turned into numeric proxy values. These proxy values can then be used in any future rating operations. Proxy values do not map one-to-one onto postcodes and, crucially, cannot be reversed back to the original postcode values.

If a personal data obfuscation process is reversible, then under GDPR that data is considered pseudonymised. GDPR encourages pseudonymisation, but although advantageous in many ways, such data still carries re-identification risk via the reversal process, and is thus still subject to the regulation. However, where the process is not reversible and carries no reasonable risk of re-identification, then the data have been anonymised and no longer count as personal data.

Combining the effect of postcode proxies with the fact that mid-month dates of birth have no appreciable impact on rating percentages, we can create rating files with no postcodes or real dates of birth and still achieve accurate results. An example of such depersonalised data is shown below:

Depersonalised rating data

Is there any downside? Apart from a small amount of additional preparation, not really. One consideration is that without embedded postcodes the rating report cannot contain a postal district heatmap. For that reason our latest release allows the creation of any number of such a heatmaps from standalone files of postal districts and individual or aggregate pension amounts. An example of one we baked earlier is shown below!

Standalone postal district heatmap




Find by key-word


A short and simple administrative announcement ... In common with ... Read more
The upcoming EU General Data Protection Regulation places focus on ... Read more
Assume we have a random variable, \(X\), with expected value ... Read more
Gavin Ritchie
Gavin Ritchie is the IT Director of Longevitas helps people set mortality bases for portfolios of pensions in payment in the United Kingdom.  It is primarily intended for situations where there is insufficient experience data for the portfolio itself.  The most common application is for small- and medium-sized defined-benefit pension schemes