GDPR and Insurance: who picks up the tab when things go wrong?

Alison Padfield QC, Clare Dixon and Peter Morcos |

Notwithstanding assurances from the Information Commissioner that they “prefer the carrot to the stick” the fact remains that the ICO will have the power under Article 83(4) the General Data Protection Regulation (“GDPR”) to levy fines of up to €10million or 2% of annual global turnover on data controllers. Alison Padfield QC, Clare Dixon and Peter Morcos consider which aspects of GDPR compliance are likely to be insurable and/or insured, focussing in particular upon: (a) the insurability (or otherwise) of fines; (b) new potential liabilities under the GDPR; and (c) the potential pitfalls of assuming that cyber insurance will cover all civil liabilities under GDPR.

Download