General Data Protection Regulations (GDPR) and Data Protection - Cyber Insurance
Due to recent events, the Government is stepping up the fight against cyber crime. One of the new measures planned is an update of the legislation that governs the holding and sharing of data. The new General Data Protection Regulations will apply from May 2018, just 10 months before the likely date for Brexit.
GDPR applies to an extended range of personal data and requires businesses to outline exactly how they use data and declare all breaches to the Information Commissioner’s Office (ICO) within 72 hours. Whilst a cyber attack may steal data for use or re-sale, a ransomware attack or the hacking of your website or email system has the inevitable side effect that customers’ data could be accessed by hackers, which would be considered a breach.
Failure to follow notification rules may result in fines of up to €20m (£17m) or 4% of global turnover (whichever is higher) and risks damaging your business reputation. The guidelines have yet to be finalised and it’s not clear who exactly it will affect, but the likelihood of suffering a breach and subsequent claims from aggrieved third parties may be increased. We are keeping a close eye on the legislation as it is concluded to ensure we are prepared to help our clients and potential new clients understand the implications and mitigate some of the additional risks they might face.
As technology develops, businesses are becoming more exposed to new risks and it can be difficult to understand the insurance you should consider. Here at Eastwood & Partners we offer a bespoke Cyber Insurance policy and are on hand to help where needed.