
The price of data security

The potential financial impact of the General Data Protection Regulation (GDPR) has generated concern across organisations globally. It is important for you to be aware of how the insurability of fines, legal and other costs and liabilities following a data breach is approached in different jurisdictions. GDPR fines can reach up to €20 million or, if higher, up to 4% of a group's annual global turnover.

Aon has partnered with DLA Piper to provide insight into the insurability of GDPR fines across Europe and the potential financial impact of a data breach.

We hope that you find this an invaluable guide to understanding and managing the impact of GDPR on your organisation, while supporting you and your stakeholders to make informed decisions.

GDPR Heatmap
Download: Aon & DLA Piper's GDPR Fines Guide


1. DLA Piper has included as "not insurable" countries where in certain limited circumstances a fine might possibly be indemnifiable, but under local laws or public policy fines would generally not be regarded as insurable.

2. Data regulatory environment: Presented as a metric to offer a high-level guide to the approximate likelihood of exposure to regulatory action from data protection authorities, and the possible strength of that action. It is assessed through a variety of factors, including (i) availability of criminal sanctions under local law; (ii) size and historic activity level of the regulator; and (iii) presence (and complexity) of supplementary privacy and information security laws. The heat rating assigned to a jurisdiction should not be interpreted as an indication of the likelihood of that country’s data protection authority commencing enforcement action in respect of any specific scenario.

Importantly, GDPR is not yet a live piece of legislation as at the date of publishing, and therefore we have no experience of the relative approaches of the data protection authorities to enforcing GDPR in practice.