The importance of cyber liability insurance in the future was highlighted as EU data protection rules were finally agreed between the Parliament, the Council and the Commission. This will be known as the General Data Protection Regulation (GDPR) and will apply to all current 28 EU members.
This will unify and modernise data protection laws across the EU, and it will apply to data processors as well as data controllers.
The next stage is for the Civil Liberties Committee to approve the text of the GDPR, and once this has been approved it will be put to the vote by Parliament at the beginning of 2016. The Regulation will then become directly applicable and will take effect in Member States in 2018.
Some of the main data protection requirements will be as follows:-
- Businesses will need to appoint a data protection officer
- Data breaches will need to be notified to the relevant data protection authority within 72 hours. Depending upon the breach it may need to be notified to the affected data subjects.
- Businesses will need to carry out privacy impact assessments prior to carrying out any high-risk data processing.
- Businesses will need to implement privacy by design when processing personal data.
If a business is found to be in breach of the GDPR, it may face a fine of up to 4% of its total worldwide turnover, which demonstrates the importance that the EC attaches to this.
This has been a very busy two weeks for the EEC, as they also announced last week the first cyber security law, the Network and Information Security Directive. This represents a security and reporting directive for companies in critical business sectors such as transport, energy, health and finance.
Despite the GDPR not coming into force until 2018, it is important to consider now the implications of the cost of compliance for a business, such as:-
- The adequacy of IT systems
- The current methodology of data collection and processing
- The re-training of staff on the new data protection law and the implications of non-adherence
Cyber liability insurance will play a significant role in supporting businesses when enforcement of the law takes place.
A current cyber liability insurance policy can assist as follows:-
- Privacy liability
Damages and claims expenses associated with the unauthorized disclosure of confidential information.
- Privacy regulatory defense and penalties
In the event of a data breach, the policy would provide coverage for claim expenses incurred as a result of a civil regulatory action, which includes civil penalties or fines to the extent that they are insurable by law.
- Privacy breach response costs and customer notification expenses
The policy would assist with the response costs associated with the breach and customer notification costs of individuals that may have had their data compromised.
- Customer support and credit monitoring expenses
This would involve the support of a specialist crisis management response team and the availability of credit monitoring for a period of time post breach, up to a year.
Cyber liability insurance is an evolving insurance product, with insurers constantly looking to enhance coverage in response to businesses' developing technology exposures, and it is anticipated that this niche product will further develop in response to the forthcoming GDPR.