"it is already based on statistical assumptions" @AC
Yes. Broad statistical assumptions, but risk is still shared, and insurance companies are unlikely to deny cover except in very specific cases.
But being able to mine exact information about individuals allows them to say "I would not touch this guy with a barge pole", whereas previously, they would have had to have taken effectively a gamble on whether the whole demographic they were in was a risk.
What happens at the moment is that if someone is in a particular risk group, they will probably be offered more expensive insurance, whereas if the insurer had specific information (which may not actually have been told to the patient as it may be detailed clinical information), they could turn round on an individual-by-individual basis and just say no.
And I would hazard to suggest that they would not say why an individual had been refused because of 'data protection' issues.
The whole concept of insurance is shared risk. If the insurance companies were able to decide to only offer insurance on things that they knew were unlikely to happen (the flip side of refusing to insure for things that they could tell were more likely to happen because of detailed individual information), then there is no real risk, and they would just take the money and laugh!