On May 22nd, 2018, the Data Protection Act will be replaced by the EU’s General Data Protection Regulation (GDPR.) The UK’s decision to leave the EU will not affect the commencement of the GDPR.
The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.
The key changes include:
- Increase in maximum potential regulatory fines to €20m, or 4% of global turnover, whichever is the greater.
- The GDPR applies to ‘controllers’ and ‘processors’ - the controller says how and why personal data is processed and the processor acts on the controller’s behalf.
- Legal requirement to have a Data Protection Officer in certain circumstances.
- Mandatory Breach Notification within 72 hours - informing relevant authorities within 72 hours, giving full details of the breach and proposals for mitigating its effects.
With our understanding of the insurance market and access to some of the leading insurers in the industry, we will work alongside our clients to ensure their operations are fully understood and catered for by insurers.
What we can cover:
Our data protection indemnity policy protects against certain expenses a company may incur in the event of a data breach, including:
- Regulatory Fines as a result of breaches of any national law or regulatory requirements.
- Legal advice regarding which laws, regulations or obligations may apply to the breach and the action needing to be taken.
- The expenses involved with notifying people if their personal data have been affected.
- The cost of providing remedial support to people affected, for example by providing credit monitoring services, along with expenses incurred by the policyholder for public relations activity following the breach.
Extensions to cover:
Professional Liability provides protection for damages and legal defence expenses associated with:
- Financial loss claims from third parties, typically customers, arising from a failure of the insured's product or service to conform to the specifications based on which it was sold.
- Various forms of intellectual property breached by the insured – except for patent infringement or misappropriation of trade secrets.
- Claims against the policyholder for defamation.