The IAPP here at the Data Protection Congress in Brussels has named Allianz as the second winner of its HPE-IAPP Innovation Award in the category of privacy-operations innovation, following Teleperformance's award last month at the IAPP's Privacy. Security. Risk. event in San Diego, California. One of the largest financial services companies in the world, Allianz Group serves more than 86 million customers and has subsidiaries in more than 70 countries. With this award, the IAPP recognizes Allianz for its innovative implementation of privacy and data protection across operations, locations and employees.

The Allianz team will present the fundamentals of their privacy program on Thursday as part of the Data Protection Congress conference program. 

The HPE-IAPP Privacy Innovation Awards recognize unique programs and services in global privacy and data protection in the private and public sectors. The awards shine a spotlight on organizations that integrate privacy in such a way that elevates its value as both a competitive differentiator and a centerpiece of customer and citizen trust.

Philipp Raether, group chief privacy officer at Allianz, described the impetus for the shift in the company’s privacy operations as two-fold­: the ever-accelerating digitization of the business and the impending EU General Data Protection Regulation. As technology moves businesses away from paper and into the digital space, Raether said, “There is a need to gain, or regain, the trust of the customer. In the digital age, there’s more data, [and a] greater threat of hacking, so you really need to strengthen privacy and IT security measures.”

In order to fulfill its GDPR readiness strategy, Allianz got creative. The company identified 100 internally-sourced experts worldwide and appointed them as data protection officers or privacy professionals. Raether said these individuals are not only able to provide accountability for each jurisdiction at a group-level, but they also bring their expertise in at a local level.

The predominant architecture of Allianz’s privacy and data protection function was founded on the use of technology and the principle of subsidiarity: While a clear strategy, set of standards, and certain policies are decided at the group level, creating a harmonized global perspective, the company empowers the local subsidiaries to deliver project implementation and management.  

To help bring everyone up to speed, Allianz hosts an intensive central privacy summit annually to collectively identify the challenges to operationalizing, such as practically implementing regulations and awareness of them within the company. Thinking creatively, Allianz developed gamified global privacy training to help create awareness across all 140,000-plus employees. 

Allianz also implemented OneTrust’s privacy management software to create a central framework, allowing the company to scale and operationalize its program’s overall structure. It further gave DPOs and privacy professionals the ability to focus on their individual area, while simultaneously participating in the overarching privacy framework that fosters global accountability.

Raether said OneTrust’s privacy impact assessment tool is at the heart of Allianz’s privacy function, not only for data mapping, but also in adding a privacy perspective to the assessment of new business opportunities.

He said staying on top of privacy policy changes has become less burdensome with the implementation of semi-automated, digital solutions. 

“Staying up-to-date with the evolving laws and technological developments is critical, but especially important is being able to implement these in the business,” he said. 

For privacy and data protection to be fully integrated into the company, Raether noted the importance of having an equally involved operations team to facilitate the technical execution. Over the last few years, Allianz's privacy function has upped its profile within the company. It now has a direct line of communication between the privacy team, executive leaders and board of directors, all in an effort to create an effective sense of visibility, accountability and regular ongoing privacy program updates.

Raether believes Allianz’s model is replicable, attributing their success to the recommendations and tools put forth by the IAPP to help develop a robust privacy program.

"What we've seen is that the use of technology in the area of privacy is helping us to become more efficient," he said, adding, “We are also careful not to over engineer things; keeping it simple and effective is key.”