It’s finally here… well, almost.
We’re less than 24hrs away from the implementation of the General Data Protection Regulation (GDPR) which comes into effect on May 25, 2018. However, it appears most of us are still a long way from being ready.
Research from QBE Business Insurance has revealed that only 27.6% - little over a quarter - of UK businesses believe they are completely compliant with the new legislation. Research, undertaken by OnePoll, quizzed 500 UK businesses and while 29.2% said they had a “thorough knowledge” of the regulation, 52.2% had just “some awareness” and 12.2% has “no awareness.”
“Despite a lot of noise around the introduction of the GDPR, it is clear from this research that the new regulation could catch a lot of businesses by surprise,” said Erica Constance, cyber portfolio manager at QBE Business Insurance. “With only 27.6% of respondents confident enough to say that they are fully compliant with the legislation only a few days away from its introduction, it is apparent that the GDPR is causing severe headaches for many organisations.”
For the insurance sector, Friday is likely to mark another day of rushed client contact with companies scrambling to pick up cyber insurance policies in light of the new regulation.
“Over the past month in particular we’ve seen the floodgates open as businesses rush to prepare for the regulation,” said James Brady, cyber insurance lead for Hiscox UK & Ireland. “Cyber security is already a complex issue with new threats emerging daily, so adding a new set of demanding data protection rules into the mix leaves businesses with a lot to plan for, and sadly many aren’t where they need to be.
“Cyber insurance helps to protect businesses against cyber security threats but the better policies will also offer a valuable suite of services such as access to specialist legal advice, IT forensics and reputation management to help deal with a breach and limit the extent of the damage. Some will also cover the cost of regulatory investigations which is perhaps one of the key reasons why GDPR has prompted such an uptick in demand for cyber insurance.”
For Raf Sanchez, Beazley international breach response service manager, however, cyber insurance is just part of the equation.
“How personal data is used and protected in an increasingly connected world is a huge challenge both for the organisations holding the data and for the individuals to whom the data relates,” he explained.
“How can the insurance industry help to mitigate these risks going forwards? Cyber insurance will play an important role, but only if it sits alongside a robust data privacy compliance programme, internal risk management planning, software tools and board-level involvement.”
For brokers, it has become more vital than ever to make sure their clients are well aware of the deadline. Those that fail to change will face serious consequences.
“From Friday, if a business has a data breach, they will be expected to alert the Information Commissioner’s Office within 72 hours,” added Constance. “Failure to do so could result in considerable fines, which combined with the potential damage to reputation means cyber risk should be firmly at the top of all businesses’ agendas.”