Aon, law firm issue guide on insurability of GDPR fines
Fines under the European Union’s General Data Protection Regulation are insurable in only two countries, Finland and Norway, while in other jurisdictions they are either not regarded as insurable or it is unclear, according to a guide issued by Aon P.L.C. and law firm DLA Piper on Wednesday.
Under the GDPR, which takes effect May 25, fines can reach up to 20 million euros, or up to 4% of a group’s annual revenues.
In 20 of the 30 reviewed jurisdictions, fines would generally not be regarded as insurable, while in eight their insurability is unclear, according to the guide, titled “The Price of Data Security: A Guide to the Insurability of GDPR Fines Across Europe.”
“Moreover, the consequences of GDPR noncompliance are not limited to monetary fines,” says the report. “There are also the costs associated with noncompliance.
“These costs, potentially resulting from a data breach, could include, for example, legal fees and litigation, regulatory investigation, remediation, public relations and other costs associated with compensation and notification to impacted data subjects. Furthermore, the potential damage to an organization’s reputation can be significant.”