Research into the rise in secondary costs caused by the new regulatory burdens that the forthcoming EU General Data Protection Regulation (GDPR) imposes on organisations has exposed a hidden danger.
The costs of insuring against a breach of contract, litigation costs incurred as a result of cyber-attacks and compensation claims made by millions of customers for breach of their personal data records are set to escalate insurance premiums by as much as 150%, warns Martin Hickley, Director of Data Protection at GO DPO® EU Compliance, a specialist executive training company.
Hickley says: “It’s well known that most organisations impacted by the GDPR are dangerously underinsured and only about 10% of them have adequate cyber insurance. What’s even more alarming is the financial jeopardy that most organisations now face by not having adequate protection cover for data and privacy breaches.
“Our research shows how easy it is for organisations to fall foul of administrative and data protection principles under the GDPR that will result in punitive fines. Should organisations fail to take mitigating steps within the two-year transition period, then insurance companies won’t cover them.
“We’ve already heard in the market that some insurance providers will be reluctant to insure businesses because of the level of financial penalties. Unless data controllers and data processors take appropriate steps now to reduce the risk profile of their businesses, they could find themselves without insurance cover and unable to trade,” argues Hickley.
These organisations shouldn’t delay in conducting a Data Protection Impact Assessment (DPIA) or in ensuring that all staff who handle personal data are adequately trained to comply with the new EU Regulation. Increasingly, this responsibility falls to the Data Protection Officer (DPO), a role that exists in 35% of all other jurisdictions within the EU.