With less than a year left before the European Union introduces General Data Protection Regulation (GDPR), Minister of State for Digital Matt Hancock has revealed that insurers are seeking access to details of data breaches reported to authorities, in order to “accurately price cyber risk.”
The new law aims to enhance the data protection rights of individuals in the EU and facilitate the free flow of personal data in a single digital market. It includes oversight over information that can be used to directly or indirectly identify a person, including bank details, posts on social networking websites and medical information.
Companies will be required to appoint “Data Protection Officers” and to notify the Information Commissioner’s Office (ICO) and clients of a data breach. Individuals will also have a “right to erasure” and a right to know how organisations use their personal data.
During a speech at a conference hosted by the Association of British Insurers (ABI) Hancock said that talks are underway between the insurance industry and the ICO on how data breach information can be reported for actuarial purposes.
“We will continue to support the industry in pushing for this while recognising the important role the information commissioner plays as an independent regulator,” Hancock added, as reported by Out-Law.com.
In a statement sent to the legal news website, the ICO confirmed that talks are underway.
“A vibrant market in cyber insurance may encourage organisations to adopt better cybersecurity practices as they look to mitigate the risks arising from a cyberattack, and reduce the cost of premiums,” it said.
Recent figures from
DAS UK Group’s Market Barometer show that 39% of 250 insurance brokers in the UK are not aware of GDPR. Of those brokers that are aware, only 57% believe they will be compliant by May 2018.
“It’s concerning to note the apparent unpreparedness of brokers given the deadline is less than eight months away,” commented DAS UK Group’s managing director of insurance for UK and Ireland James
Henderson. “With potential fines of €20 million, or 4% of global annual turnover – depending on which is bigger – awareness should be far higher.”'
Related stories:
Insurers face “large fines” for failing to comply with new EU data law
New EU rules looming – and many UK brokers aren’t ready