16 May 2018Insurance

GDPR fines only insurable in two countries

GDPR (General Data Protection Regulation) fines which can reach up to 4 percent of a group's annual global turnover are only insurable in Finland and Norway from a group of 30 reviewed jurisdictions, according to Aon and DLA Piper research.

The GDPR will come into force on May 25, 2018 and aims at giving control to EU citizens and residents over their personal data.

There are currently only a few jurisdictions in Europe where civil fines can be covered by insurance and, even then, there must be no deliberate wrongdoing or gross negligence on the part of the insured, according to the research. Criminal penalties are almost never insurable. GDPR administrative fines are civil in nature, but the GDPR also allows European Member States to impose their own penalties for personal data violations, the report notes.

In 20 out of 30 reviewed jurisdictions GDPR fines would generally not be regarded as insurable, including the UK, France, Italy and Spain.

In eight of the jurisdictions it is unclear whether GDPR fines would be insurable, Aon and DLA Piper note. In these jurisdictions specific details around individual cases, for example the conduct of the insured and whether the fine is classed as criminal, will need to be considered.

"While there are only a few jurisdictions where GDPR fines are insurable, insurance against legal costs and liabilities following a data breach is widely available across Europe and may provide valuable cover to organisations,” said Prakash Paran, partner at DLA Piper.

Whilst the insurability of GDPR fines may be limited, insurance forms a key component of an organisation’s risk management strategy to manage costs associated with GDPR non-compliance and resulting business disruption losses, the report noted. Such costs could include legal fees and litigation, regulatory investigation, remediation and other costs associated with compensation and notification to impacted data subjects.

Vanessa Leemans, chief commercial officer Aon Cyber Solutions EMEA, added: “GDPR will expose organisations to significantly higher risks related to how they manage and store personal data. Data breaches, and other cyber events, could see businesses face both major fines and extensive costs. It is therefore essential that organisations fully understand where their exposures lie. They should work closely with their insurance partners to ensure they have an appropriate risk transfer solution and incident response plan in place.”

Make sure you are GDPR compliant and  confirm your email address to keep getting our daily emails

More of today's news

Commercial insurance rates rise

XL Catlin creates cover for autonomous technology

BIBA CEO bemoans regulatory burden

The Hanover longtime chairman Angelini retires

Weather Analytics merges with Athenium

Hamilton Re poaches new controller from Equator Reinsurances

Don't miss our insurtech email newsletter - sign up today

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk


More on this story

Insurance
21 May 2018   A new data protection regulation which comes into force from May 25 in Europe will offer customers more insight into insurers’ decisions with regards to pricing and claims payments, increasing the likelihood of disputes while facilitating the switch to a different provider, as Intelligent Insurer discovers.
Insurance
1 June 2022   ESG (environmental, social, corporate governance) factors present unique challenges for participants in the insurance sector. Unexpected claims, regulatory requirements and investor demands are just three challenges it faces.
article
5 October 2022   Developments in the environmental, social and corporate governance world are reminiscent of the change from Solvency I to Solvency II in the insurance space and the industry must be prepared, advises Luc Bigel, partner at DLA Piper.