With the enforcement date looming, now is the time for organizations to determine whether the EU’s new General Data Protection Regulation (GDPR) applies to their business, and to sort out the steps to take in preparation for the law’s enforcement. First things first – do you need to worry about GDPR? Answer these questions to find out.
Here are a few fast facts about GDPR:
What is GDPR and when is it effective?
The General Data Protection Regulation (GDPR) is the EU’s new regulation designed to govern the collection, storage, and usage of private information. The regulation was created in 2016, and its enforcement date is May 25, 2018.
What is the regulation’s intent?
In short, the regulation is intended to give citizens of the EU more control over their personal information. The law aims to unify privacy laws in the EU and sets strict standards for the collection and storage of private information, with unprecedented requirements surrounding consent, inventory accounting, demonstration of compliance, and notification of potential data breaches. While governed by the EU, GDPR will apply to any organization that collects or processes data of EU citizens, regardless of where the business is located.
What are the ramifications of non-compliance?
Non-compliance could have crippling consequences. Penalties for non-compliant companies that experience breaches could be up to 20 million euros (about $24,000,000 USD), or 4% of the company’s global revenue – whichever of the two is larger.
Will insurance cover fines for non-compliance?
Some insurance companies will be willing to add language to affirmatively cover GDPR fines resulting from a breach, to the extent legally insurable. Even broader coverage for expenses related to non-breach audits or investigations may be available from certain carriers for an additional premium after providing additional underwriting information. Consult with your insurance broker to determine whether your cyber coverage is adequate. To find out more, visit our cyber liability page.
Below are some useful resources that provide information about the regulation, its application, and how to ensure compliance.
Marsh & McLennan Agency’s cyber team specializes in protecting businesses from data security risks.