This document discusses profiling under the GDPR and provides examples of how profiling is used in fintech and insuretech. It defines profiling as gathering and analyzing data to assess personal aspects and predict behavior. Profiling qualifies as processing personal data, so the GDPR applies. Key points include ensuring a legal basis for profiling, respecting data subjects' rights, avoiding automated decisions with legal effects without human intervention, protecting sensitive data, and prohibiting unlawful discrimination. Reflexes for companies include establishing a valid legal basis, informing and empowering data subjects, and designing processes with data protection, accuracy, and non-discrimination in mind.