The clock is ticking for businesses to make final preparations ahead of the General Data Protection Regulation (GDPR). On May 25, organisations across the world will be exposed to privacy and data breach liability risks like never before.
Risk managers such as Liz Walker, director, enterprise risk & global insurance at Groupon, an e-commerce company, are putting compliance efforts at the top of their agendas. “GDPR is a big issue,” she says. “It’s going to be challenging for everybody.”
The new rules set a universal standard for consumer data privacy and will apply to any and every company that collects the data of EU citizens. Particularly worrisome for risk managers is the prospect of class action lawsuits and the heavy fines associated with GDPR.
The fines associated with violations could be hefty, to say the least. The penalty for any would-be violators could top US$24m (or 4% of annual global turnover, if that’s greater) – and regulators will be keen to make an example of the first offender.
Complying with the regulation is no simple task. Beazley, a leading cyber liability insurer, recently announced that it’s partnering with an international law firm to launch a GDPR helpline to help risk managers navigate the complex web of regulatory requirements. “Behind the headline-grabbing financial penalties, GDPR is complex and it needs to be properly understood by organisations so they can understand what they need to do now to mitigate their exposure,” says Raf Sanchez, international breach response service manager at Beazley. “The experience of our [Beazley Breach Response] team has shown a real and pressing need for easy access to specialist advice at this critical juncture.”
One of the keys, Walker says, is that companies make their best effort to comply – and document it. “It appears regulators are going to try to determine which companies are making a good effort to comply versus companies that are ignoring that regulations are changing and aren’t doing anything about it,” she says. “I think documenting what companies are doing to bring themselves into compliance is key.”