Elisavet D.
Asked: February 4, 2021, in: GDPR

GDPR fines

Does anyone know if GDPR fines are insurable?

8 Answers

HellenB (Silver contributor)
Added an answer on February 4, 2021 at 4:19 pm

Yes – there are some cyber insurance policies that cover this. However, be prepared for bigger premiums plus there will be plenty of insurance ‘caveats’ that will be applied which will take plenty of unravelling. In addition, wilful negligence or criminal activity are unlikely to be covered.

Chris Roberts (Silver contributor)
Added an answer on February 5, 2021 at 5:56 pm

If memory serves me well (?) it’s illegal to insure against the fine itself, but it can cover the disruption as Barry Moult says. I know of an insurer (who is new in the market) who is offering a different proposition to the established players. Their story is that they pay out as soon as the ICO provide a reference number for a breach incident. Premiums are low and the payout is normally in the £10,000 to £20,000 area. It’s designed to give the SME an immediate payout of cash so they can engage the services of experts to deal with the issue at hand.

Suze
Added an answer on February 4, 2021 at 3:12 pm

Hi – highly unlikely. That would be like trying to insure yourself against traffic violations.
Various insurers offer cyber insurance, which may help contribute to the cost of recovery of systems, or for forensic investigations, but if you have breached legislation, it’s possible (likely) that you’d have a tussle with your insurance provider if you were found to be negligent.

kathleen
Added an answer on February 19, 2021 at 12:34 pm

Depends on the country. DLA Piper has a report on that:
https://www.dlapiper.com/en/uk/insights/publications/2020/05/third-edition-of-guide-on-the-insurability-of-gdpr-fines-across-europe/

Barry Moult (Bronze contributor)
Added an answer on February 5, 2021 at 3:00 pm

Insurance against fines is a no. Insurance against disruption and other issues I would say yes, but don’t expect it to be cheap.

Tash (Bronze contributor)
Added an answer on February 4, 2021 at 6:59 pm

Not seen any that will insure against fines yet.

Sarah Clarke
Added an answer on March 2, 2021 at 11:12 am (this answer was edited)

Deferring to others as my knowledge of specific inclusions / exclusions is getting out of date, but fines were never historically covered in policies I was party to. Kathleen’s DLA Piper paper is better context. Notification to data subjects was the main cost covered and it’s key to work out what benefit you may get from other pre-existing insurance e.g.
existing cyber insurance or general insurance coverage for legal fees. ICYI I wrote a long-read piece back in the day about limitations, pros, and cons of cyber insurance. There’s a fair bit of transferable perspective, but as I said, offerings have moved on and it’s perfectly reasonable to transfer risk it is not legally required, or arguably feasible to mitigate without causing other intolerable impacts. Always noting that mitigation being hard and expensive is not counted.
https://infospectives.wordpress.com/2015/04/02/cyber-insurance-is-like/

Henk van Leussen (Netherlands, Bronze contributor)
Added an answer on February 10, 2021 at 6:46 pm

In the Netherlands, as in other countries, you can take out cyber insurance. Depending on which insurance company you have and which policy you have taken out, a civil fine as well as a fine from the regulator can be insured. Hiscox is a well-known name in this.