New Data Privacy Regulations

Watchful Eye

The new General Data Protection Regulation (GDPR) data privacy rules to be introduced in the European Union soon will dramatically change the relationship between insurers and their customers...

Allianz SE
Munich, Oct 23, 2017

New regulations are soon to be introduced that will dramatically alter the relationship between customers and insurers. Allianz Group Chief Privacy Officer Philipp Raether explains what’s going to change and what it means for you and us...

Philipp Raether

With most of us present in the online world, privacy is a luxury these days. The digital world is now so ingrained into our daily lives that it is easy to forget how recent a phenomenon it is.
  

It was only in 1969 that the first computer-to-computer message was sent via the ARPANET network. It would still take more than 20 years before this would become the rudiments of the Internet in the early 1990s.
  

In digital terms, that was the Dark Ages. Google didn’t exist, Steve Jobs was still in school, and the mouse had only been invented a few years before – although most people would not have known what to do with it. Yet, somehow back then, in 1970, the German federal state of Hessen had the foresight to pass a data protection law. The complexity of the digital world has expanded exponentially since. Smartphones and the cloud have untethered us from PCs, enabling us to access constant streams of information on the go. But it also means information about our activities is being continually collected. This gathering, processing and exchange of data have become valuable daily activities for most businesses.
  

When the General Data Protection Regulation (GDPR) comes into force in May next year, the European Union will have dragged the notion of data privacy into the 21st century. European countries already have privacy regulations in place, but the GDPR takes it to the next level and fundamentally changes the whole data lifecycle. The GDPR introduces more protection for individuals ("data subjects" as they are known), more privacy considerations for organizations — and stiffer penalties for violations. Significant breaches could even lead to fines of up to 20 million euros, or 4 percent of a company’s global annual turnover for the preceding year.
  

For example, for a company like Allianz – with a global annual turnover of approximately 120 billion euros for 2016 – a serious breach could mean a maximum fine of 5 billion euros!
  

Privacy by design, privacy by default

Back in the 1990s, personal data (such as name, address, phone and account numbers, email and IP addresses, etc.) was already protected under a right of data protection, but the GDPR has strengthened this data protection right substantially. It gives us a basket of new rights over personal information, including the right to be forgotten and data access and portability.

For example, from May next year, any person living in the European Union — not just EU citizens — can request their personal information be removed from corporate databases in a timely fashion, or know the reason why not. This includes all data, even backups. The GDPR also expands the definition of “personal data” to include “tracking data” such as cookies and mobile device identification, and it requires consent per purpose.

This consent must also be informed, unambiguous and freely given. The GDPR also requires that companies obtain additional explicit, informed and unambiguous consent from people if they want to use the data in a new manner. And that consent can be revoked at any time.

At its essence, the GDPR seeks to embed a “privacy by design and privacy by default” approach. Privacy by design means each service or business process that uses personal data must prioritize data privacy throughout the entire lifecycle. This means data privacy needs to become a company-wide norm, especially as companies will need to show that they have adequate security in place and that compliance is monitored.

Privacy by default means that the strictest privacy settings automatically apply once a customer acquires a new product or service. There is also a time restriction to this, as personal information must be kept only for the time necessary to provide the product or service.

The New Rules

Commonsense data collection

The GDPR is really introducing commonsense data security ideas: minimize personal data collection, delete personal data that is no longer valid, restrict access and ensure data security throughout the lifecycle. At its heart is the notion that having access to personal information is a privilege and so, companies must act with great responsibility.

While this sounds straightforward, there are typically many moving parts involved in data handling and the GDPR imposes stringent requirements on compliance, and it is not just European companies that are affected. It also addresses the export of personal data outside the EU, such as for offshore processing. So it has international implications too. Also, if an e-commerce website outside Europe collects or processes data on EU residents, for example, then the GDPR requirements apply too.

Indeed, the biggest change GDPR brings for companies is accountability. This is particularly relevant for insurers as the data explosion in recent decades has provided greater insights into customers. The data collected has enabled more accurate underwriting so as to create and implement effective policies. There’s also the evolution of technology with new fields such as telematics and remote health monitoring. Insurers will need to be highly cautious to ensure personal data gathered from all such sources is used and stored in a transparent and responsible way, and with the customer’s complete understanding.

How Allianz is preparing

At Allianz, we have undertaken a three-year, multi-phased program to ensure GDPR compliance across the group. As a part of this, Allianz is implementing comprehensive and binding rules relating to the transfer of any personal data. For us, the requirements of the GDPR match our digitalization efforts. This opportunity allows us to harmonize systems across the group to reduce complexity and improve efficiency.

In the future, as in the past, Allianz will continue to ensure the privacy of our customers remains our priority.

  Press contact

Gregor Wills
Allianz SE
Phone: +49 89 3800 61313
