TL;DR: In the insurance industry, personal data is processed on a daily basis. Many of these processes carry risks because they are not GDPR-compliant. This article explains how typical data protection issues can be avoided by using our wallet.
In daily communication with customers, the insurance industry frequently processes personal data. However, many of these processes involve risks, as they are not GDPR-compliant. Wallet technology provides a secure and user-friendly alternative, enabling fast and structured communication, whether it’s about claims, health information, or billing documents. This checklist highlights seven common data protection pitfalls and how wallet technology helps prevent them as a technical and organizational measure under the GDPR.
1. Sending Sensitive Information via Unencrypted Email
Example: Sending policies, claim reports, or health data as PDF attachments via email.
Legal Risk: Violates Article 5(1)(f), Article 5(2), and Article 32 GDPR (integrity, confidentiality, and processing security).
Better with Wallet: Documents are end-to-end encrypted and delivered via a secure, individual channel with no email involved.
2. Lack of Traceability in Data Transfers
Example: Internal forwarding of customer requests via email between agencies and insurers. Giving customers access to shared cloud folders is often non-compliant and opens potential backdoors.
Legal Risk: Article 5(2) GDPR requires full accountability: Who accessed which data and when?
Better with Wallet: Every transfer is transparently logged, reducing liability and ensuring traceability for high-risk data exchanges.
3. Storing Personal Data on Local Devices
Example: Brokers saving client data locally in Excel files or insecure CRM systems.
Legal Risk: Violates Article 25 (Privacy by Design) and Article 32 GDPR.
Better with Wallet: Data is stored decentrally with the customer. Access is granted only when needed and only with consent.
4. Keeping Data Without Legal Justification
Example: Old forms or email threads remain in inboxes for years without legal retention requirements.
Legal Risk: Breach of Article 5(1)(c), (e) and Article 25(2) GDPR (data minimization and storage limitation).
Better with Wallet: Time-limited data sharing, automated deletion rules, or revocation options initiated by the customer.
5. Communicating via Third-Party Platforms from Non-EU Countries (e.g., WhatsApp)
Example: Handling inquiries or sending documents via messenger apps.
Legal Risk: Transferring data to the US (e.g., via WhatsApp) without appropriate safeguards violates Article 44 ff. GDPR. Post-Schrems II, this is considered legally risky.
Better with Wallet: GDPR-compliant communication within a closed, controlled environment – without third-country providers.
6. Insecure Handling of Identity Documents
Example: Customers send copies of ID cards or bank documents via email or fax.
Legal Risk: Involves special categories of personal data (Art. 9 GDPR). ID data must be minimized and shared selectively (Art. 5(1)(c) GDPR).
Better with Wallet: Digital identity attributes can be verified and securely shared alongside ID documents – in a structured and controlled way.
7. No Transparent Option for Revoking Consent or Accessing Data
Example: Customers lack visibility into where their data is stored and can’t easily revoke access.
Legal Risk: Breach of Articles 15 (Access), 17 (Erasure), and 21 (Objection) GDPR.
Better with Wallet: Customers stay in control. Access can be granted or revoked at any time – without bureaucracy.
Conclusion: Wallet technology empowers insurers, brokers, and service providers to rethink customer communication – securely and in line with GDPR:
✔ No media breaks
✔ No email
✔ No paper
✔ But fully “state of the art” – compliant, secure, and user-centric
Do you want to learn more about wallet technology in insurance?
We are currently offering, in cooperation with VSAV e.V., a webinar on the topic of wallets for the insurance industry.
Alternatively, you can contact me (Michael Feygelman) directly.