HellenB
Yes – there are some cyber insurance policies that cover this.
However, be prepared for bigger premiums plus there will be plenty of insurance ‘caveats’ that will be applied which will take plenty of unravelling. In addition, wilful negligence or criminal activity are unlikely to be covered.
Chris Roberts
If memory serves me well (?) it's illegal to insure against the fine itself, but it can cover the disruption as Barry Moult says.
I know of an insurer (who is new in the market) who is offering a different proposition to the established players. Their story is that they pay out as soon as the ICO provide a reference number for a breach incident. Premiums are low and the payout is normally in the £10,000 to £20,000 area. It’s designed to give the SME an immediate payout of cash so they can engage the services of experts to deal with the issue at hand.
Suze
Hi – highly unlikely. That would be like trying to insure yourself against traffic violations. Various insurers offer cyber insurance, which may help contribute to the cost of recovery of systems, or for forensic investigations, but if you have breached legislation, it’s possible (likely) that you’d have a tussle with your insurance provider if you were found to be negligent.
kathleen
Depends on the country. DLA Piper has a report on that: https://www.dlapiper.com/en/uk/insights/publications/2020/05/third-edition-of-guide-on-the-insurability-of-gdpr-fines-across-europe/
Barry Moult
Insurance against fines is a no.
Insurance against disruption and other issues I would say yes, but don’t expect it to be cheap.
Tash
Not seen any that will insure against fines yet.
Sarah Clarke
Deferring to others as my knowledge of specific inclusions / exclusions is getting out of date, but fines were never historically covered in policies I was party to. Kathleen’s DLA Piper paper is better context. Notification to data subjects was the main cost covered and it’s key to work out what benefit you may get from other pre-existing insurance e.g. existing cyber insurance or general insurance coverage for legal fees. ICYI I wrote a long-read piece back in the day about limitations, pros, and cons of cyber insurance. There’s a fair bit of transferable perspective, but as I said, offerings have moved on and it’s perfectly reasonable to transfer risk it is not legally required, or arguably feasible to mitigate without causing other intolerable impacts. Always noting that mitigation being hard and expensive is not counted. https://infospectives.wordpress.com/2015/04/02/cyber-insurance-is-like/
Henk van Leussen
In the Netherlands, as in other countries, you can take out cyber insurance. Depending on which insurance company you have and which policy you have taken out, a civil fine as well as a fine from the regulator can be insured.
Hiscox is a well-known name in this.