Should your business invest in GDPR insurance?
On 25 May 2018, the General Data Protection Regulation (GDPR) comes into effect in the EU and across the United Kingdom.
GDPR will replace the Data Protection Act (DPA) and usher in expanded rights for individuals over their data. The new legislation will place greater obligations on businesses and other entities that process personal data.
It is essential to plan how your business will comply with GDPR. Obtaining a GDPR insurance policy could help to protect your business and to ensure that you have the right structure in place to protect your systems and the information you store. Failure to comply could result in investigation and ultimately penalties.
In addition to our GDPR insurance policies, Crendon Insurance also offers Cyber Liability Insurance to provide the reassurance you need when dealing with data breaches:
- Notification of the Regulator – on becoming aware of a breach, companies have to notify the Regulator (ICO) within 72 hours unless there is a reasonable excuse for not doing so – this puts massive pressure on a company to prepare its case in a very short time period. Cyber Security & Data Protection Insurance policies usually provide immediate First Response.
- IT Forensic Services – on discovering a breach it is important for a company to be able to quantify what data has been taken, and cyber security insurance provides this service. If you cannot calculate how much data has been lost/stolen/hacked, then the regulator is likely to make you notify all customers who have potentially had their data breached, and the resultant PR fallout can be catastrophic. It is therefore extremely important to have expert IT forensic specialists to establish what data has been accessed and copied. A data breach isn’t like having your house burgled, where you can easily establish what has been taken – the data is still there, it’s just been copied by a cyber-criminal. In-house IT departments are not forensic experts and can often accidentally destroy vital evidence with good intentions (a bit like walking over evidence at a crime scene before forensics have arrived!).
- PR Costs – due to mandatory notification, breaches will be publicised, and this could potentially lead to damaged reputation, loss of confidence, etc. Cyber Security insurance therefore provides you with access to expert global PR consultancy firms.
- Notification of Breached Data Subjects – the costs of notifying each of your customers/clients. For example, if this is by post, if you take the price of a 1st class stamp and multiply it by the overall number of potentially breached data subjects, costs can escalate very quickly.
- Group Action Litigation Risk Increases – when breaches are publicised by the regulator, the likelihood of liability claims and group action litigation increases (law firms representing multiple claimants to go after companies who have breached personal data).
To find out more about how GDPR Insurance could protect your business, please contact us. We will be pleased to discuss GDPR Insurance in more detail, as well as other cyber security issues, to see whether there is an exposure to your business and, if so, the options available to you through our annual 12-month GDPR Insurance packages.