15th March 2019

GDPR Fines - Affirmative Insurance Coverage



The EU General Data Protection Regulation (GDPR), effective from 25 May 2018, introduced new enforcement rights for regulators, including the ability to levy fines of up to EUR20 million, or if higher 4% of annual global turnover. The most high profile case to date has been the French agency, CNIL, imposing a EUR50 million fine against Google for failing to meet transparency and information requirements and failing to obtain a legal basis for data processing.

The insurability of GDPR fines in the UK is a contentious and uncertain area and will remain so until it becomes legally tested with case law precedent established, but one insurer is taking an affirmative stance by offering a specific endorsement providing coverage of up to GBP20 million for GDPR fines. This extension of coverage will provide additional protection for firms looking to mitigate their GDPR exposure. 

This is potentially a major development in the insurance market and we expect this affirmative stance to lead to other insurers following suit and specific GDPR coverage becoming more widely available, potentially even as a standard extension, but until then we fully welcome this market development and look forward to working with our clients to offer this enhanced protection.

Find out more

To find out more on how your business could be protected in the event of a GDPR breach, get in touch with our Fintech and Payment Services team.

Get in touch