Notable birthdays: GDPR turns 5
The kid has gotten off to a better start than a lot of people expected. Five years ago, on May 20, 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect. The months prior to that date, many experts, including many companies, had a rather gloomy outlook on it: potentially hefty fines and lots of red tape. However, it has brought many more positive effects.
Yes, the fines came: many companies were fined hundreds of millions of euros over the past five years. However, very unexpectedly, the GDPR became an export hit. Countries like Brazil, China, Thailand and US states like California and Virginia copied it and enacted similar laws. Its concepts were seen as an excellent balance between individuals' need to protect their rights and freedoms and companies wanting to make best use of data. It is fair to say that it has been a success story.
The implementation of GDPR via the Allianz Privacy Renewal Program also changed how we handle personal data at Allianz. Our privacy framework has become much more mature. We were the first insurance company in the world awarded the so called Binding Corporate Rules which allow us to share personal data globally within Allianz. We now have over 170 colleagues working as Data Protection Officers and Professionals and over 2,000 Privacy Champions in the Business/first line supporting privacy matters. Their Privacy Impact Assessments are supported by a global tool which has automated many processes.
This increased level of maturity has also been recognized by external views: The external auditor PricewaterhouseCoopers (PwC) attested that Allianz maintains a gold standard, for the second year in a row Allianz ranked first place in the Dow Jones Sustainability Index in its Data Privacy section, and our German insurance businesses as well as our application process received the TüV Data Privacy Trust Seal.
But what does this really mean now for Allianz and its customers and employees? According to a recent PwC study, for 79 percent of these stakeholders data privacy and information security are a key concern. In turn, they would only trust companies which are using data in a legal, ethical and protected way. Therefore, it all comes down to trust. With our strong privacy framework we are ensuring our customers’ and employees’ trust. It helps us live up to our promise “We secure your future.”
Without this trust, we cannot be successful in our continuous digitalization efforts. There comes the next challenge: the opportunities and risks of the use of Artificial Intelligence (AI). As we speak, Brussels is preparing the next big piece of legislation: the European Union’s AI Regulation. Hopefully, this piece of legislation will be as successful as GDPR.
**As of March 31, 2023
***As reported – not adjusted to reflect the application of IFRS 9 and IFRS 17.