
Can your business really afford a fine of up to £20 Million for a data protection breach?

With all the recent attention in the press on cyber breaches, businesses need to understand the proposed reform of the General Data Protection Regulation (GDPR). This article covers the GDPR objectives that will come into effect in 2018, the costly consequences if you don't comply, and the measures you should consider taking, including Cyber Insurance.


What is GDPR?

In 2012, the European Commission announced the proposal of a comprehensive reform of the EU's 1995 data protection rules. This in turn became known as the General Data Protection Regulation (GDPR), and it will come into effect in May 2018.

The key objectives are:

  • A harmonised pan-EU regulation, replacing the existing patchwork of myriad national regulations
  • An improvement of the current system of binding corporate rules for a safe transfer of data outside of the EU
  • A regime allowing better control over an individual’s data

What if you fail to comply with GDPR?

The fine is 4% of your turnover, up to a maximum of £20,000,000. This is very different to the current rules under the Information Commissioner's Office (ICO), which can only levy fines of up to £500,000. Earlier in the year the ICO imposed a record fine of £400,000 on TalkTalk, following the theft of personal data belonging to more than 150,000 UK customers. Protecting a customer's data is also about protecting the reputation of your business.

What should you do next?

May 2018 may seem like a long time away, but there are a number of measures our clients (UK businesses) must put in place:

  • Creating a continuity plan for data breaches
  • Ensuring that accountability for data breaches is understood by key personnel in your business
  • Ensuring you design privacy into your products and services
  • Considering the legal basis of how you use personal data
  • Checking you have appropriate privacy notices and policies
  • Being prepared for data subject requests for any personal data held
  • Considering and agreeing who is responsible when data is transferred or processed
  • Setting up a framework that ensures you have a legitimate reason for transferring personal data to countries with less stringent data protection rules

For assistance, click here for a 12-step guide on preparing for the General Data Protection Regulation (GDPR).

And…what about Brexit?

Theresa May wants the UK to leave the EU by the end of March 2019. After that date, the government may decide to stick with GDPR; alternatively, new laws could be introduced that cap fines as a way of tempting companies to operate in the UK.

Regardless of Brexit, if you trade or interact with a European business covered by GDPR, you will still need to comply with it.

Here at Square Mile Broking, we would like to talk to you about how Cyber Insurance can also assist you with GDPR compliance. Please click here to contact us for further information about Cyber Insurance.