Marsh on GDPR: "The sweeping regulation has not disappointed"

Marsh on GDPR: "The sweeping regulation has not disappointed" | Insurance Business

It’s hard to believe we’re already nearing the first anniversary of the European Union’s General Data Protection Regulation (GDPR). It seems like only yesterday when organisations were busy preparing themselves for the legislation’s implementation while contemplating the implications.

But here we are, three days away from that milestone. To look back – as well as ahead – Marsh has published a report examining the key developments over the past year.

“Proponents of the new law promised a profound change in data privacy protection,” stated the brokerage giant in the publication. “The sweeping regulation has not disappointed.”

One of the main takeaways is the fact that companies are being held accountable. And numbers back this up, with Marsh citing recent figures from the European Data Protection Board.

According to the body, which coordinates the EU’s data protection authorities, nearly €56 million in fines were issued by regulators in the first nine months alone. Over the same period, more than 200,000 cases were brought in 31 countries.

“That tally includes a €50 million fine levied against one company that regulators claim inadequately advised customers about how it collected personal data from new customer accounts and subsequently used that data,” noted Marsh.

“Perhaps more striking than the monetary value of fines imposed is the diversity of enforcement actions. Some cases involve traditional privacy concerns, such as the failure to encrypt or control access to personal data. Others demonstrate the GDPR’s broad scope.”

In One-Year Anniversary of the GDPR: A Look Back and Ahead, Marsh also asserted that firms should expect regulators to continue to aggressively pursue instances of non-compliance.

“The enactment of the GDPR marked a titanic shift for data privacy, signaling the start of more aggressive privacy oversight and enforcement in an era of rapidly advancing technology,” said Marsh, which pointed to factors that, when combined, create the potential for what it called a “hydra-like” cyber risk for businesses.

Its advice? “Risk professionals should prepare for the potential pitfalls that lie ahead by consulting with their advisors and insurance brokers about evolving regulatory standards and changing technology, and adopting insurance policy terms and conditions to address their organisations’ widening exposures.”