The General Data Protection Regulation goes into effect this month on May 25. Better known as the GDPR, the regulation was adopted in 2016 to extend data protection and privacy to people within the EU. If you do business within the EU, even if your company is based outside of it, the GDPR is set to affect you. While a uniform regime should, in theory, make compliance easier, penalties are set at 4% of global turnover or €20 million, whichever is higher. That does not even include the cost of litigation or of compensating victims of a data breach.
If your best efforts to comply aren't enough, would your cyber insurance cover you? Your insurability will likely depend on the jurisdiction of the offense: countries such as Finland and Norway allow insurance, as long as there was no deliberate wrongdoing. In twenty other jurisdictions, such an offense appears to be uninsurable, while in eight others there is a legal gray area. Although the best course of action is to remain compliant, you should fully understand your risk before the regulation goes into effect.
From a cyber insurance coverage perspective, it is imperative to note that not all cyber insurance policies include coverage for regulatory fines and penalties. In fact, most cyber policies specifically exclude coverage for fines and penalties, irrespective of jurisdiction and venue.
Financial services firms have unique risk management exposures especially as it relates to cyber protection. Contact us today for a no cost, no obligation analysis of your current cyber insurance or to simply talk through your specific exposures and various coverage scenarios.