 Thank you to be here. Welcome, and I immediately give the speech to Petra, which we introduce herself. Thanks a lot for coming here. I'm in actually, like, qualification, so I do a lot of insurance. I'm working for the Swiss Silent Think Tank, which I founded, and also in topics like GDPR. And I was thinking about putting the topic GDPR on this stage here, and I thought, why not for my profession? Because actually I do work a lot with data, and they do work a lot with different type of data. So our work is a lot of limited right now, if we have to look at what we really need to do the portfolio. So then we calculate, we take the data, calculate out what the premium is. So in particular, if you think about insurance and you want to ensure your bike, and they need 1,000 people of all, 10,000 people of ensuring the bikes, they think how many bikes will be stolen, what's the value of each bike. And then they say, okay, this is now what the loss will be. And here's the premium plus a little bit of admin cost, and that's the amount they will charge. For a bike, you don't need personal data. But if you go into other kind of parts, like life insurance, health insurance, we need data for that one. And that makes it very difficult. So GDPR is actually for life health, pensions, also property and cash. Part where we go through all the different type of processes, underwriting that those ones were accumulated, the risks are actual work, these are the ones who are doing the prices. And when I was before the act of GDPR came into place, we had our own computers, we took our portfolios, we tried to do the world. So we took the data all the way out there. And that's an issue now. That's not becoming so easy right now. So the underwritings and the actuaries, they do need the personal data. If you look at life insurance part, you need the birth, you need the age, you need the gender. And then you actually under the new GDPR, you have to ask each one in the portfolio for consent. You have to ask them, can I take your data from my personal laptop? I'll delete it afterwards, but that's a problem. The portfolios normally run around 10,000, 20,000 people in an old portfolio to be accumulated. And that makes things very difficult. And actuaries, they do need these type of data because without historical data, without data, you cannot do any kind of work. And we used to do those kind of work in India. So we outsourced, transferred it somewhere with an email attachment. And then they do this evaluation, and this is a different mechanism now coming into place. The questions on actuarial work are not how many people are really familiar with the actuarial work. It's actually a very easy one. You take any kind of claims data, you put that into a mechanism of matrices, extra sheets or other type of matrices, calculate out what the risks will be, and put a price tag next to that. And you do the same thing for all kinds of business. So it's its property, if it's a cyber risk, which I'm doing, if it's an attack, if it is a hurricane, or it is a simple life or health portfolio. It's all the type of the same thing. So the mechanism in between. When I started my career, we had to program it by heart, by ourselves. Nowadays, you take models somewhere, and there are companies offering those type of models, and then you calculate that through, and then you get the price tag. And that's what the insurance company is actually offering to all of you, when you say, okay, where's my life insurance coming up? Okay, it costs a thousand a year, a month, a year. And you say, why is it so expensive? And then you say, well, you are an expensive type of classes. You have these and these and these type of risks, and so many other people do. And that's why it's more expensive, because the insurance expects a higher pay. As easy as it is, actually. Transfer the data is a very important part in it. We saw yesterday the Bolo Museum, and actually I was working at IBM, the big computer they were putting out there, and we were very proud of, this is IBM, we are putting the data out there. And this data is now in the form much smaller, so you could actually carry those kind of personal data with you everywhere you can do it. We used to work in India, that means I had a team of 15 actuaries over there in India. We sent them the data, we sent them the portfolios, and they calculated this out. And in particular in those outsourcing countries, you had different type of companies next to each other, they sort of like walls against each other, they couldn't even meet in the cafeterias for talking to each other, but now with the technology, it is a different story. And we uploaded the data as I said before. And it has an impact on the health insurance side, in particular health insurance is one of the most critical areas in it, because health insurance, health companies are needing the data fast. If you go today to a doctor and say, here's what I am, but I can't speak anymore, the doctor says, can you sign beforehand anything you would like us to do? And in Germany, if you go to a doctor, you have to take a number, because if they say, Mrs. Müller, please come in, everybody knows Mrs. Müller is sick. So it's a different area, the whole GDPR actually, it's a show where you all know it started in the health business in Germany, where they thought about it, bringing this Gesundheitskarte, these health cards in it, nobody talks about the health cards in the robot, we have to know. So we have to behave on this one. And the biggest case happened in a hospital in the US, where they wanted to act so fast after an event happened that a lot of people went into the hospital, they decrypted all the data. And of course, hackers took this, these data out there, and sold it on the black market. By the way, the price of personal health data sold on black markets is more than $300, while the price of a stolen credit card is only 10. And $10 for stolen credit cards, you go in, say to the bank, okay, use my credit card stolen, they even give you the money back on this one, and it's out. You get a new credit card and the story is over. But for personal data, that is not gone, that remains. Patient-centric is an important part in biometric data, is something, let me just go through the data which I'm also doing on cyber risks in it. And cyber attacks on biometrical data is a topic which comes in when people put a hacking attack to a person or to a group of people to attack them personally to do something against the society. So the biometrical data is very personal data on risk in it, and everybody who knows a little bit about cyber, the dark net is much more structured than we are on the right net. And also, they are much bigger. Big data, patient data, patient data is used in different types. So using the financial parts, reserving is, in the insurance term, the money you take aside for claims which might happen in the future. So you put some of the monies aside to say, okay, here's the 10 millions what you get out of the premium. And then out of the 10 million, you put 8 million out of liquidity, you can invest it, when the claim happens, then you have to take it out. The higher the claim is, the more you can invest. So for instance, a reinsurer, a reinsurer who has a large claim happen, they say great, put all the money now and invest it because when it goes through all the lawsuits and all the stuff, it takes years and years and years when the money is needed. Direct insurer, first insurer, it's a different story. Regulator compliance, that's actually also where you need financial, claim data from a patient, claims by itself. So it's interconnected, a lot of data where it is. And if you go and do a blood test, then here goes your personal data somewhere already on that stage. Pensions, Pensions is another part in it where it is really on risk, because pension plans, they have it all. They know when you got born, they know where you did earn your money, they know where you worked on, they know everything about you. And the foundations here in Switzerland, they are very safe in it, but there are other countries where they are a little bit looser on those kind of data. But if hackers go into the pension plans, they have all the story, and that's a very scary part to think about it. The impact on the pension plans is a lot, because if somebody stores the data of an employer, and cyber risk is one thing where the employer is the biggest risk party in the data than any other person by itself. And if they go and break into a company, break into the salary scheme, they break into the pension plans. By the way, you can always interrupt me and ask questions if you have something you would like to go into a little bit deeper parts in it. And we are interconnected with each other. That means if you go into one of the systems and they interconnect through the world from one part to another part, that's where the risk really is in it, and that's where you carry the data with you. And that's a very interesting part in it. When we know the GDPR, we say, okay, let's protect our personal data. But what personal data is protected? We have it all on Facebook, that's an easy one. Twitter and everything else, where we bring out a lot of us. The photos are there, the stories are there, the ages are there, not all the time. People don't have to do it correct because Facebook doesn't ask for correct numbers, so you can put in whatever you need. But when it comes to the financial part, then you need your correct data in it. And that's where the interconnection is as well. In GDPR, actually, that law was there already before as a scheme. But now it's a money law behind it. So if you find out if something is not protecting your data, you can see them. And you can see them and start to collect different parts. And even if you ensure those kind of data protection, and let me give you an example, which is not on the slide, but I kind of think it might be an interesting one. And if you then go to protecting your data and to sue them, you have to make it public. And that's where things really are being of interest. And that's where it is. Let me give you an example of a national bank at Blacksbury. A national bank at Blacksbury was hacked in 2016. And what they did, the hacker went inside on a Thursday and nothing happens. They just went inside. And Friday afternoon when people went off from work, going to ATM machines, the hackers already were in the ATM machines, looking for all the weekend, for all the personal data, they stole it. And on Monday, when everybody was back to work, they closed this but had all the personal data and took it away from all the people the money. Lost 560,000. The national bank said, that's great. Ever since you once we get that paid, they looked at this, paid it a little bit, the bank put some patches in it, eight months ago. Later the same thing happened, lost 1.8 million. And then the ever since you once said, no, no, no, no. That is not a crime. That is a car protection. So you're not going to do that. The suit is ongoing. So you see how even that the laws that the GDPR is in place, it doesn't necessarily help you. And it only helps you afterwards when your data is already gone. So preparedness upfront is a much better way to think about what can I do not to put my personal data somewhere. If you go on Facebook and say, bye-bye, I'm going on vacation, what do you say? Hey, my house is empty. Go ahead and take my stuff. So be very careful what you put on the data in the social network. We have all these kind of different insurance parts in it, so I skip that because I already mentioned all that beforehand. And actually services that actually we need the data. Otherwise we can't really do much to work on. So let's take the next step. We need to refine the algorithm. We need to look at different ways of working. That means we have to go in the environment of the clouds of the people who give us a services to do the actual calculation and say, here's how we work on it. It's a different type of process starting. But I think it's a good one. It's a very interesting one. We have many more cases also. Incidents of security parts in place. A lot to find in the UK. The UK is one of the countries which is not really so safe about the whole part. That's why they want the Brexit to be employed by that one. And you can find those stories in the internet and it's a lot of reading stuff. There's a lot of interesting stories about this. The health sector is actually, as I mentioned before, the one which is on danger, the highest danger because of the speed for the health part because of the data and because of the dark net. The price which I mentioned before on the health data on the dark net on the pension plan is not that much because they can't get so much into the foundation of what they wish to do. So some points on the data journey. So we are doing a lot of data protection. Everybody needs actually a data protection officer. A lot of companies are very low to that one. In Germany, we have another here in Switzerland, another year to think about it. But we should already prepare ourselves a little bit how can we protect the data of the people who trust us, whom we are from each one of the companies who are dealing with this data. And the outlook of the future is actually, and that's also my last slide because I would like to put some time in it for questions and discussions. There are cyber insurance policies around. There are insurance help all the time with certain kinds of things. Insurance companies are, whenever it comes to security, they are the one who put in policies in it. One thing is to make money for them but also the other things to bring something into society. One, two last points. We work a lot because of insurance and we have telemedicine TPR because of insurance and I was one of the person who was doing pay as you drive, which is not drive like a girl, insurance coverages for an insurance company. So I have a couple of human minutes left for questions and discussions, right? Ten minutes. My question is, now I have legal means to sue people but how do I get to know that my data was stolen? I know in the car they say you have to inform people but will companies really inform everybody and just get a wholeness of everything? That's a very, very good question and in the case which I mentioned from the National Bank what I had to because the people noticed that bank accounts were all of a sudden empty. But if nothing happens in between and they don't know it yet then they might not even inform the people. That's a big, big black hole in it or crystal ball in it where people don't really tell them. If you go to a hospital and half year later they break into the hospital and they say, oops, these people, do they come back? No, they're from another country. Maybe we don't have to say that. That's a pretty big question because they really tell the people and if they do and issue them you know, go and lawsuits go many, many years afterwards. So that's a very good question and I wouldn't be so secure that everybody who has our data is really protecting us in the right way. You mentioned that the stolen health data has been sold for big amounts of the bank market. What is actually the use of that? Who is purchasing it? Yeah, it is sold. The health data is sold and I mentioned that the price, 300 plus, per one person and they sold it in a portfolio so you can imagine their 100,000 or 10,000 and what the price market is behind it. What they do with this they look at the data as a portfolio and say okay, there are so many people now being nearly too sick because when you're going to a hospital you're not going there because you get your fitting plan. You go there because you are sick and then they look at oh there's so many people having cancer but that's a live stream. Okay, maybe I could do something into when they die or when they are even not healthy anymore to their relevance and say here is a person sick you can get that kind of amount on the fund now and you pay later 30% interest. That's how they work. And if you get emails from oh yeah, I know somebody died and here's some kind of money somewhere ignores us. These are coming from the document and these are coming from whatever data they have. So they have a very high interest because their data has real value. If I may go to an example it's an example that predates companies and predates the GDPR so it's quite interesting. It's someone that's having a lot of phone calls from companies who want to sell something to them and they are so sick about it they say to one, I'm sorry that person's not here that person has died and then these family members receive phone calls from funeral homes saying you have someone who died in your family don't you need your services? So and of course the parents that receive that call said my god, what happened? But that predates computers so it's interesting to see that even those data are worth a lot even before it's computing and on 10 to 10 thousands of data like you said before. That's right, it's a mass of it. It's a mass of information that people can access and there are people also very open to access those kind of information or give those kind of information away and there are other people who are putting everything inside both is probably the real idealize in the middle and both is really not correct. But it is important if the call center calls what you excuse your job because they're reporting these excuses. If you tell them I have no interest no time okay that's an unvalid number you hang up and that's it but if you give an excuse oh somebody in my family died they have an information they can use. So be very careful about those kind of people approaching and what is really on our risk today we can approach on so many ways we can approach by the iPhone by the computers and my emails by whatever it is email is one of the highest risk by the way. So if communications like Slack I use that too is much more secured way than emails and emails and phishing that's the highest risk in it and that's the biggest part where hackers actually go in to use some kind of information and information from companies and companies give that much faster way because some people who work in a company they are not so responsible for that kind of health data and one last remark on the data and security before I finish is the people who are the highest risk in an employment situation are those ones who are taking the jobs a lot for the emphasis because people cannot take their portfolio security numbers and things like this away because they are still in the company they have access to many, many, many parts and that is the risk for the companies and that's where GDPR is actually not enough because it's not protected from the outside. Well, I'm very happy outside talking getting any kind of discussion anything you have and would like to discuss further and I hope that this topic was interesting for you was not too much leaving into the act and thank you very much and thanks a lot for listening Thank you very much Thank you very much It really was that the core of a great, great problem where information and communicators are becoming more and more bankrupt and should take as much care of data as they can do of value, paper and money Thank you very much Thank you I have to show you this in five minutes there will be Alain he will talk about Gutenberg because Bastien was ill this morning so Alain he didn't prepare something but he knows so much about core and the words the wordpress that it surely will be very interesting and you have five minutes to change the room if you want to to work with Petra Thank you very much