Three months after enactment of the EU General Data Protection Regulation (GDPR), a primary question for many organizations is how the costs of compliance and non-compliance will interplay with their insurance policies. Fines and penalties are top of mind due to their potential size, variance according to local law, and the issue’s resonance with key stakeholders.
Insureds are asking: “Will my insurance policy respond in the event we are faced with a fine or penalty?” Marsh’s view is that, in most markets, the answer is currently more grey than black or white.
Key factors in answering the insurability question will likely include:
Any consideration of insurability must begin with the insurance contract as the foundation for coverage and recovery outcomes. Organizations should work with their advisors to understand how their policies might respond and, where possible, seek to add policy wording that provides the best chance at recovery in the event of GDPR non-compliance.
Contact your Marsh representative to discuss the risk implications of the GDPR for your organization.