C _ Group Management Report Targets and achievements: cybersecurity Topic Targets 2021 Achievements 2021 Targets 2022 Information security executive Define and include information security Target objectives for all OEs included Further upgrade targets and risk accountability targets for all responsible board key information security risk indicators indicator monitoring, linking them to members, including local Operating in addition to targets for strategic quantified risk exposure and roll-out of Entities (OEs) to ensure appropriate programs related to information global cyber-risk management strategy. focus on securing Allianz. security. Additionally, a mechanism was devised to ensure a direct link between information security standing and reward. Data privacy & data ethics Privacy Champions will be appointed in Privacy Champions were appointed Deploying new data privacy controls for all business units that process personal across Allianz Group companies and supplier management concerning the data across Allianz Group companies. are now dedicating a portion of their pre-selection, contracting, ongoing Privacy Champions are employees who time to deal with privacy-related topics. monitoring, and off-boarding of data dedicate a portion of their time to We developed a global privacy risk processors. dealing with privacy-related topics, and controls “blueprint” to support Deploying a rigorous new training including PIAs, records of processing local compliance efforts with the APS program for privacy professionals and activities, data incidents, and data across the entire Allianz Group. The privacy champions. access requests. blueprint provides a tool for identifying Rollout of the AI Practical Guidance to data privacy risks in local business all EU Renewal Agenda Committee processes and addressing those risks (RACO) Operating Entities. by mapping them to standard controls. Annual Report 2021 − Allianz Group 67