The European Union's General Data Protection Regulation (GDPR) was adopted in 2016 to strengthen data protection procedures and practices.

All companies established or operating in the EU must comply, prompting them to evaluate their data security standards ahead of the May 25, 2018 compliance deadline.

Cyber insurers are also anticipating a shift in both coverage demand and long-term incident reporting.

New regs

As EU and U.S. companies reevaluate their data security posture to prepare for the new regulations, and assess the hefty fines attached to GDPR laws, having a cyber insurance policy has become more attractive, says BitSight Technology's Vice President Jake Olcott.

In a conversation with PropertyCasualty360.com, Olcott offered insight into the long-term impacts of GDPR on cyber insurers and underwriters, both in the EU and here in the U.S.

Olcott says GDPR is such a big deal because of the fines. Noncompliance will be much more expensive than under existing regulations: the maximum fine for not complying with the GDPR is €20,000,000 (roughly $23.7 million US) or 4 percent of a company's worldwide revenue (not profit), whichever is greater.

The concern is that cyber insurance policies, as they are written today, won't cover GDPR fines. Olcott says that for carriers and brokers, the question is, "What does this new regulation mean?"

Coverage for fines?

"It means there are a lot more companies that will be focused on cyber insurance and buying cyber insurance policies, which is great. But there is a concern that policies the way they are written today may not allow insurance companies to cover GDPR fines."

Olcott recently penned a blog post on how and why U.S. businesses should prepare for the GDPR, and in a separate write-up, provided an 8-part checklist of tasks to prepare for compliance with the pending regulation.

BitSight Technology is a security ratings company that offers data analytics and security software, helping companies manage third-party risk, underwrite cyber insurance policies, benchmark security performance and assess aggregate risk. BitSight offers guidance on GDPR compliance in its report "A Risk Manager's Guide to the General Data Protection Regulation (GDPR)."

Olcott says certain industry sectors are more prepared for the GDPR than others. In this Risk Manager's Guide, BitSight lists 6 ways companies can prepare for the GDPR.

6 proactive ways to prepare your organization for the GDPR

1. Find technology solutions and helpful resources that will help you solve GDPR-related issues.

2. Create an in-depth plan for third-party risk.

3. Modulate your GDPR program.

4. Begin your GDPR compliance program by addressing the vast majority of the GDPR that is clear — not the small minority of it that is not.

5. Ensure you have appropriate security controls in place for your data.

6. Use quality metrics to support your decisions and demonstrate your progress.

You can read about these 6 steps in detail in BitSight's Risk Manager's Guide to the General Data Protection Regulation (GDPR).

Danielle Ling

Danielle Ling is an experienced video journalist and business reporter. As associate editor, Danielle manages all multimedia and reports on industry news and risk-related coverage, managing all weather-related content. A University of Maryland and Philip Merrill College of Journalism alum, Danielle previously served as a video journalist for Verizon FiOS 1 News NJ, Push Pause. Connect with Danielle on LinkedIn or email her at [email protected].