It has been over a year since the General Data Protection Regulation (EU) 2016/679 (GDPR) entered into force. Throughout the past two years, all EU-based companies, as well as most other global organisations, have had to ensure compliance with the new data protection regime under the GDPR. In the meantime, the domestic regulators have begun monitoring and enforcing compliance. With the unification of the data protection system throughout the EU, the regulators have been granted greater powers and new enforcement options. While fines related to data protection breaches may have been scarce in the pre-GDPR period, this is subject to change. Under the GDPR, regulators are allowed to issue fines of up to EUR 20 million, or up to 4% of a group's annual global turnover if higher. With GDPR fines becoming a reality, the insurability of such fines has also become an important topic for practically every company.
While most companies have implemented the required measures and safeguards into their businesses and privacy policies, not all jurisdictions have amended their local legislation to reflect and complement the new data protection regime under the GDPR. Since GDPR fines are issued and enforced according to the laws of each EU member state, the possibility of insuring these fines also relates directly to these national laws.
In order to provide an overview of these various regimes, DLA Piper has teamed up with AON to create a comprehensive guide to the insurability of GDPR fines across Europe. In the second edition, the most recent developments as well as certain case studies have been included. The Viennese team has been involved in numerous GDPR-related projects and has contributed its knowledge and experience to this guide. The guide can be downloaded here.