The General Data Protection Regulation (a.k.a. GDPR) creates one privacy law across the European Union (EU), and is quickly becoming a global privacy standard. Basically, GDPR dictates how and when an organization can collect, share, store, and delete the private information of EU citizens. If you offer goods or services to, or collect data about, an EU citizen, this law applies to you — irrespective of where your organization is based or if you collect payment.
That’s right, it doesn’t just apply to EU organizations, but all organizations globally that touch the data of EU citizens. This means that, as an organization, you need to be open and honest regarding how you are using such data. Moreover, you need to disclose why you are collecting data and receive permission before collecting any such data in the first place. Finally, should a breach occur, you must report the breach within 72 hours.
If that sounds like a lot to manage, it is! Fortunately, we’re here to help you understand how to comply with GDPR and help you respond to violations.
By default, Coalition’s comprehensive cyber insurance policy covers security failures and data breaches involving the private information of EU citizens, and our policy will respond by paying breach response costs, claim expenses, and any resulting damages. Similarly, Coalition’s policy responds by paying on your behalf claim expenses and regulatory penalties from a regulatory proceeding arising from a security failure or data breach. This includes the alleged violation of GDPR.
Effective February 1st, 2019, Coalition offers enhanced GDPR coverage to all policies by endorsement. In addition to offering coverage for GDPR fines and penalties arising from a security failure or data breach, Coalition is leading the industry by affirmatively covering claims arising from GDPR that are not caused by a security failure or data breach. Instead, coverage arises when a GDPR claim is brought against the insured for failing to comply with GDPR and with their own privacy policy. Specifically, the coverages address certain aspects of GDPR that are also addressed in an insured’s privacy policy: the prohibition or restriction of disclosing, sharing or selling personal information, and the insured’s policy on giving access to personal information, or amending or changing it, after a request is made by the individual.
Why does all this matter, you might ask? As recent fines issued by EU regulators show, failure to comply with GDPR can be a costly proposition: penalties are assessed at 4% of an organization’s annual global revenue or 20 million euros, whichever is higher. This is just another reason why it’s important to protect your business with a cyber insurance policy from Coalition.
Coalition's GDPR enhancement is included automatically for all non-admitted quotes, and admitted quotes in the following states (41 including D.C.): AL, AR, AZ, CA, CO, CT, DC, DE, GA, HI, IA, ID, IL, IN, MA, MD, MI, MN, MO, MS, NC, NE, NH, NJ, NM, NV, NY, OH, OK, OR, PA, RI, SC, SD, TN, TX, UT, VA, WA, WI, WV.