The potential financial impact of the General Data Protection Regulation (GDPR) has generated concern across organisations globally. It is important for you to be aware of how the insurability of fines, legal and other costs and liabilities following a data breach is approached in different jurisdictions. GDPR fines can reach up to €20 million or, if higher, up to 4% of a group's annual global turnover.
Aon has partnered with DLA Piper to provide insight into the insurability of GDPR fines across Europe and the potential financial impact of a data breach.
We hope that you find this an invaluable guide to understanding and managing the impact of GDPR on your organisation, while supporting you and your stakeholders in making informed decisions.
[1] DLA Piper has included as "not insurable" countries where in certain limited circumstances a fine might possibly be indemnifiable, but under local laws or public policy fines would generally not be regarded as insurable.
[2] Data regulatory environment: presented as a metric to offer a high-level guide to the approximate likelihood of exposure to regulatory action from data protection authorities, and the possible strength of that action. It is assessed through a variety of factors, including (i) availability of criminal sanctions under local law; (ii) size and historic activity level of the regulator; and (iii) presence (and complexity) of supplementary privacy and information security laws. The heat rating assigned to a jurisdiction should not be interpreted as an indication of the likelihood of that country's data protection authority commencing enforcement action in respect of any specific scenario.
Importantly, GDPR is not yet a live piece of legislation as at the date of publishing, and therefore we have no experience of the relative approaches of the data protection authorities to enforcing GDPR in practice.