What Is GDPR?
The General Data Protection Regulation, or GDPR, is a set of laws created with one ultimate goal: to protect the personal data of people in or from the European Union (EU). The critical point here is that the individual's nationality or residence is irrelevant; what matters is whether they are in or from the EU. This law has forced many businesses to adopt its regulations into their data collection practices, most visibly on websites. The GDPR became effective on May 28, 2018, but many businesses are still catching up due to inertia in changing procedures and practices.
Does GDPR Affect Me?
Regardless of the size, type or location of your business, GDPR will most likely have a significant impact. One especially troublesome point is that GDPR expressly extends the reach of EU data protection laws to businesses based outside the EU. Moreover, this doesn't just apply to data collected from websites and e-commerce. Companies must protect any personal data they possess or suffer the consequences. Since businesses are now jointly and separately liable for the data they process under the GDPR, you will need to do some follow-up with your vendors and clients as well. You need to be concerned about their practices because GDPR applies even if you are processing data on behalf of another organization.
What Are The Consequences For Not Complying With GDPR?
If an "Upper Level" business does not comply with the GDPR, it could face a maximum fine of $24.6M (€20M) or 4% of its worldwide revenue (not profit), whichever is greater. Smaller businesses still need to worry, as hefty penalties apply to them as well.
How Do I Protect My Business From These Consequences?
You can read any number of online GDPR guides to prepare your business for GDPR compliance, and most agree that the best place to start is with the straightforward components you can meet quickly. Our clients have found that the quickest and most complete way to protect your business is through Cyber Liability Insurance. Our clients have eased into GDPR compliance more readily because, in acting as their broker, we are already aware of their specific business risks and can advise them as part of our risk management services.
There are currently over 85 insurance carriers offering Cyber Liability Insurance, each with different options and features in its program. I have seen that, unlike other insurance lines, there is NO STANDARD FORM. Every policy is a mixed bag of features, endorsements, exclusions, and legal language. This way of writing "off the shelf" policies leaves some companies overpaying for risks their business does not have while lacking the protection they actually need.
This lack of standardization means many insurers are not offering the correct coverage for GDPR. So while insurers are marketing GDPR endorsements, they are not genuinely protecting you with the tailored coverage that businesses in particular industries need.
I am both an attorney and an insurance broker, specializing in Cyber Insurance for more than five years. The advantage for our clients is that I have read the law and know the correct language to request in their cyber insurance policies. Finding a comprehensive Cyber Liability Insurance Program with a broker you can trust is the only practical way to protect yourself from the harsh GDPR regulations NOW, so you will not have problems LATER.