10 July 2017
Businesses have less than a year to prepare for sweeping changes to the UK’s data protection rules. NIG’s Director of Underwriting and Pricing Justin Clarke re-explores the General Data Protection Regulation to see what it involves, and how companies can get ready for it.
In an increasingly digital age, data protection remains an important issue for businesses as diverse as retailers, technology firms and providers of professional services.
Next May, a host of new rules will come into force, as the European General Data Protection Regulation (GDPR) replaces the current Data Protection Act.
With a significant shake-up on the cards, what key changes must small and medium-sized enterprises (SMEs) prepare for between now and 2018?
The GDPR in a nutshell
The new legislation is designed to protect European citizens from data and privacy breaches in an era when smartphones, apps and social media have made it easier than ever to share information.
The GDPR puts forward a series of rules which those controlling or processing personal data will need to comply with. It covers a wide range of areas, including consent, governance and the process of reporting data breaches. It also provides individuals with new rights regarding the use of their personal data. Companies who fail to respond could face penalties worth up to 20 million euro (£17.6 million) or 4% of their annual worldwide turnover [SC1].
Although the GDPR was developed by the European Parliament and applies across the European Union (EU), the UK Government has indicated that Brexit will not halt its introduction in this country. It will cover organisations operating within the EU, as well as those outside the trading bloc who offer goods and services to EU citizens.
In-depth guidance concerning the GDPR is available from the Information Commissioner’s Office (ICO).
For SMEs, the key measures to consider include:
Getting ready for the GDPR
It’s true that the GDPR legislation will impact some firms more than others. However, as well as reading up on the ICO’s guidance, all SMEs should consider the following measures to avoid any nasty surprises next May:
At a time of significant regulatory change, it’s also a good idea to look over your insurance policies to check you’re covered against any disruptions or financial risks.
For bespoke cyber insurance, SMEs should look no further than NIG’s regionally-traded Cyber Cover product, which was given a 4/5* rating by an independent broker reviewer in Insurance Age during 2016 [SC2].
NIG Cyber Cover offers data-breach expense cover as standard that can help cover the cost of professional, legal, forensic IT, PR and crisis management services following a breach event.
The comprehensive cover that our product offers also includes our 24/7 support, which can go a long way to safeguarding the future of your business should you ever be the victim of a data breach.
Here’s what our Cyber policy also covers:
You can find more information about NIG’s Cyber Cover product, including Key Facts, Sales Aid, Proposal Form and Policy Wording, on our website here.
[SC1] Source: http://www.eugdpr.org/key-changes.html