Measures to Implement Policies and Standards

Data protection policies and standards form part of Swiss Re’s governance and are brought to the attention of all staff, contractors, partners and vendors, for whom they are binding. Our compliance training programme ensures that the key data protection concepts are understood and applied, and that all persons are aware of their roles and responsibilities. We design our training programme to be relevant to risks arising out of our role as an insurer. We mandate a global eLearning training for all employees and supplement with bespoke trainings for particular regions, business units, and employee functions. In addition, we run regular data protection and information security awareness campaigns with executive sponsorship. We also share with our employees other knowledge resources on data protection and privacy topics, including guidance on ways that they can better protect and safeguard their own personal privacy.

A team of full-time Data Protection Officers (DPOs) covers all of our business units, group functions and regions. They are leading professionals and leaders in the international profession of data protection and privacy. They speak at global conferences, engage in industry knowledge sharing and collaboration initiatives, and monitor regulatory developments in the areas of data protection and privacy. In addition, our Data Protection Officers regularly engage in an internal global network of subject-matter experts to support compliance needs by business units, group functions, and by region or jurisdiction. We coordinate with our internal operational risk management, audit, and information security colleagues so that we can optimise the implementation of the data protection compliance framework, identify and address gaps, further mitigate risks and monitor compliance.

Supervision and monitoring through line managers and control functions allows detection of non-adherence, and an anonymous whistleblowing hotline is available for any internal or external report which gets independently investigated. Of course, data protection is also subject to scrutiny by independent auditors and regulators.