Data Protection law is changing, and recent research shows that preparing for this is a top three concern for most Directors.
On 25th May 2018 the General Data Protection Regulation (GDPR) will significantly change how businesses can handle and process information. As the date creeps closer, it is important for organisations that hold personal data to prepare, as those that don’t prepare face hefty fines for non-compliance.
One of the most common questions we are being asked is whether or not insurance provides protection for GDPR. Many businesses have assumed that their current commercial insurance arrangements would protect them in the event of a data breach or regulatory fine, but this is not the case. There is no cover under the vast majority of standard commercial insurance contracts for these types of eventualities.
Specialist Cyber insurance can help protect businesses against some of these issues. Businesses should seek specialist advice if they are concerned about the legal, commercial or professional implications of their data being lost, stolen or held to ransom.
Some key practical steps businesses can take are:
– Implement staff training on data security as 65% of data incidents are caused by staff members failing to follow guidelines or opening attachments containing Malware or Ransomware.
– Ensure all portable devices such as laptops, tablets and phones carry a sufficient level of data encryption in case they are lost, stolen or left on a train!
– Seek specialist help to create an Incident Response Plan to cope with a data loss event – this could be the difference between your business reputation surviving or not!
How can insurance help?
Whilst no insurance policy can protect you against certain regulatory fines imposed by current Data Protection laws, or the incoming GDPR, specialist cyber insurance policies can assist with:
– The high costs of recovering from a data breach incident and loss of revenue whilst systems are down.
– Specialist Reputational PR advice on how to manage customer and press enquiries.
– Access to forensic IT experts who can help you identify and remedy the cause of a data breach.