GDPR insurance – what is it all about?

On the 25th of May 2018, the European Union enacted the GDPR rules. The General Data Protection Regulation was actually made in 2016.
However, the EU gave everyone two years to make sure GDPR compliance was up and running. Somehow, a lot of companies managed to ignore those two years and slightly panicked on the 25th of May 2018.
The panic is understandable. If you or your company isn’t playing by the rules of the GDPR, you can get fined: up to 20 Million Euros or 4% of the global annual turnover.
Most people have heard about the GDPR by now. However, a lot of confusion is still around.
It’s one of the topics that nobody wants to spend time on. Implementing the GDPR is one of the tasks that doesn’t bring you any money.
Instead, you have to invest time and manpower. Nevertheless, it can get really expensive if you don’t take care of it.
For more information on how to do GDPR with WordPress, read here.
GDPR Compliance For Small Business
The GDPR does not distinguish between small businesses and large corporations. However, if you have fewer than 10 people working for you, you don’t need a data protection officer.
The EU hopes that reliable and mandatory rules will help businesses in the long term. If customers feel safe when navigating the internet, they might make more purchases.
A lack of trust in old data protection rules held back the digital economy and quite possibly your business.
Source: EU Data Protection
EU GDPR Compliance
For this reason, here is a short summary of how to achieve EU GDPR compliance. If you collect, store and use personal data, you have to adhere to the GDPR rules.
This also applies when you are processing data on behalf of another company. Personal data is anything like name, address, location, online identifier, health information, income, cultural profile and so on.
Essentially, you have to protect data rights. Make sure to use simple language. When you collect, store and use data, you have to state who you are, why you are using the data, how long you will store it, and whether it will be transmitted to third-party services.
One of the cornerstones of the new regulation is consent. It is very important that consent is given by a clear and understandable action.
Make sure that people can access the data you are collecting from them. If a data breach occurs on your side, you have to inform the people affected.
Another cornerstone is the ‘right to be forgotten’. If someone contacts you about this, you have to erase any data collected about them.
Anyone must have the chance to opt out of marketing that uses their data.
Can You Get GDPR Insurance?
Even though the rules seem simple at first glance, the fine-tuning can be difficult. Many companies are uncertain whether they did everything right.
The rather obvious answer to that is first to appoint a data protection officer. Then you’ll probably get a good lawyer anyway. The last resort could be a GDPR insurance policy.
But hold on before you get super excited and throw out any efforts to be GDPR compliant. The problem is that many insurance policies won’t cover any fines,
because otherwise the fines would lose the penalty character they are supposed to have. It is important to realise that cyber insurance policies already exist. To be fair, your company probably already has one.
Make sure to check with your insurer what they will and won’t cover under the GDPR.
What Is GDPR Insurance?
GDPR insurance covers legal disputes in connection with the General Data Protection Regulation. The topic is still relatively new to the insurance business.
Insurers offer to cover the costs of a lawyer in case of a lawsuit, as well as 24/7 legal counselling support.
It is debatable, though, to what extent you need a new insurance policy. Maybe your standard legal protection insurance could be extended to cover cyber issues.
The GDPR is now over a year old. It will be very interesting to see how insurance brokers adapt to the new demand for GDPR insurance.
I hope this blogpost was helpful.