Recently, THALES has increasingly been providing support in the insurance industry, in project management for the establishment of data protection management systems (DSMS) and as an external data protection officer.

In the insurance environment, special data protection challenges arise. These are due to the fact that very sensitive data is processed and profiling also takes place regularly. Automated decision-making is also a regular processing activity, without which a modern insurance company would no longer be competitive. In addition, data is increasingly being processed by service providers on cloud-based platforms, as the company's own resources can no longer handle the large volumes of data or cannot map sufficient functionalities.

In view of such highly demanding data processing under data protection law, the existing data must also be protected with particularly intensive technical and organisational measures (TOM) in order to meet the requirements of Art. 32 DSGVO. Recognised standards are recommended here, such as the BSI-C5 standard (Cloud Computing Compliance Criteria Catalogue), with the implementation of which we at THALES are now well acquainted.