With GDPR now in force, we’ve addressed your most pressing questions to help you and your clients understand the complexities of the regulation.
GDPR was enforced on 25th May 2018. To ensure compliance, any company involved with the collection of personal data needs to make significant changes to the way they collect, process or document the data. Whereas some privacy tools and procedures have previously been seen as good practice, they will now become legally required. Fines for non-compliance can reach up to €20m or 4% of an organisation’s group worldwide turnover.
Does GDPR apply to you? Is it just about data breaches? Are the fines insurable? Does your cyber / tech insurance policy cover it? We have answered all of these questions. You can read the full document here.
And don’t forget about your partners, especially if you’re a data processor. If you use sub-processors or contractors, they’ll need to comply with your contractual data protection obligations too. For more information on how the GDPR impacts data processors, view our quick guide.
The GDPR deadline is fast approaching, and unlike the current Data Protection Principles, it applies not just to data controllers (i.e. businesses that collect customer data and determine how that data is used), but also to data processors (i.e. firms that handle or process data on behalf of data controllers). Many of the technology firms that CFC insures are data processors, and will therefore face new responsibilities and dramatically steeper penalties for failing to protect customer data.
In order to help these companies understand their GDPR exposure, CFC will be holding two seminars in partnership with top UK law firm Weightmans on 22 March and 23 March – GDPR for Data Processors. We will be exploring what GDPR means for data processors, what their obligations are, and what they need to know if their data is lost or stolen. To sign up for these events, simply RSVP using the button below.
CFC is also offering a free, one-hour GDPR readiness phone consultation with Weightmans for all UK technology insureds. Interested customers can contact GDPR@cfcunderwriting.com to book their session.
Unable to attend a seminar or just want to learn more? Download our one-page GDPR Quick Guide for Data Processors exploring what GDPR means for data processors and what these companies should do to prepare.
Today we are releasing findings from a survey conducted at the 2017 London Market Cyber Symposium last month*.
When asked whether they were seeing more demand for cyber insurance as a direct result of the incoming EU General Data Protection Regulation (GDPR), an overwhelming 80% of survey respondents agreed.
Respondents to the survey at last year’s event cited the incoming GDPR regulation as an element likely to drive up the demand for cyber insurance in 2017.
Graeme Newman, Chief Innovation Officer at CFC, explained: “Under the GDPR there will be a requirement that businesses have an incident response plan in place and must notify any data breach no later than 72 hours after becoming aware of the event. To do this, businesses are going to need access to a whole raft of specialists and that’s going to have a disproportionate effect on SMEs who are unlikely to have this level of capability in-house. They could find themselves scrambling for help and possibly face missing the cut-off, thus exposing themselves to breaching the new rules.
“I think that there is a greater realisation as GDPR looms ever closer that cyber insurance can offer a valuable lifeline. As well as protecting them against the emerging threats of the digital age, the right provider will give insureds instant access to carefully selected specialists who can guide them every step of the way from creating an incident response plan to dealing with a cyber attack.”
* The survey was conducted on 23rd November at the 2017 Cyber Symposium in London, UK. Hosted by CFC Underwriting, the event was attended by over 200 representatives from the insurance industry.