Tougher New European Data Protection Law to Have Lasting Effects
Data protection laws in Europe just got a lot tougher. The European Parliament’s recent approval of the new General Data Protection Regulation (GDPR) — a landmark law four years in the making — significantly expands privacy regulations for corporations, including potentially drastic fines for companies violating the law.
The new GDPR becomes effective in 2018 and can affect any company handling European personal data inside or outside of Europe. The GDPR applies to more data processing activities and organizations than existing regulations. It:
- Strengthens and expands individuals’ personal information rights.
- Expands the territorial scope and application of EU privacy law.
- Increases organizations’ compliance obligations.
- Expands regulators’ enforcement and sanction powers, with fines of EUR20 million or 4% of a company’s global revenue, whichever is greater.
- Introduces new data breach notification rules.
Organizations — including regulators — must recognize that growing cyber risks cannot be resolved solely through better technology. Regulations like the GDPR reflect the growing consensus that organizations must manage cyber threats as a risk issue. Good cyber risk management, which requires working with your insurance advisor, includes assessing exposures to the GDPR, investing in protections and risk transfer, and building your capabilities to respond to cyber threats and better protect your organization.