After months of speculation and opt-in emails, GDPR is finally here. Designed to harmonise data privacy laws throughout Europe, this new data protection legislation gives individuals far greater protection in terms of their personal data, allowing them to determine when, how and to whom their personal information is revealed, and how it can be used.
With the maximum fine for non-compliance set at a debilitating €20 million (roughly £16 million) or 4% of your annual global turnover (whichever is higher), the risk to businesses is significant. Last year, UK organisations were handed £4.2 million in data protection fines – almost £1m more than the previous year – and this figure is only expected to rise with the implementation of GDPR. While it is possible to minimise the risk to your business through robust data protection procedures, complete risk elimination is almost impossible to achieve, leading many to ask whether there is anything that can be done to insure against GDPR fines.
Simon Gubbins, Managing Director at Robison & Co. Insurance Brokers in Petersfield, said: “This is a question that we’ve been asked frequently over the last few months, and as with most policies, the amount and type of cover you can procure would depend almost entirely on individual circumstances.
“A robust Cyber policy will typically safeguard you against the costs associated with a data breach, including liability from the failure to properly manage personally identifiable information and regulatory defence and penalty costs. Professional Indemnity and Management Liability policies can also have an element of cover relating to data breaches. Whilst insurance isn’t a complete cure-all, it’s certainly worth reviewing your existing policies to understand what cover is included and whether this could be extended to provide greater protection.”
Simon continued: “As with every situation, prevention is better than cure, so it’s essential that business owners have a compliance strategy in place, with clear guidelines for GDPR best practice. Predictably, insurance policies have exclusions relating to fines and penalties, which you cannot insure against by law, so you can’t rely on a policy to pay a fine, but it could help you manage a potentially serious data breach. If you do have concerns about the impact a data breach could have on your business, there are insurance policies available that could mitigate that risk, and it’s worth discussing this with your insurance broker.”
Robison & Co is an owner-managed insurance brokerage, offering advice on all areas of business and personal insurance, as well as independent financial advice on investments, mortgages and pensions. For a quote, or a review of your existing insurance policies, please contact us on: 01730 265500 or email hello@robison.co.uk