GDPR: Managing cyber risks and business insurance

The new laws on data management – within the General Data Protection Regulation – impact on all businesses that hold personal information on EU citizens. This means that millions of UK businesses are currently auditing and improving their data control systems.

The GDPR requires companies to make tangible and measurable changes to the way in which data is gathered, stored, used and disposed of.

GDPR compliance improves security

For many smaller enterprises, this housekeeping exercise largely centres on making sure that data held on multiple devices is encrypted and stored on one central piece of software or a cloud platform. This is the sort of data security and protection that the GDPR is demanding of businesses of all types and sizes.

The GDPR also has repercussions for the way Britain’s small and medium-sized ventures market their products and services. From now on, they must provide clear and unequivocal systems for customers to “opt in” to receiving further communications once a transaction is complete.

If your organisation has existing databases, it is no longer sufficient to argue that the customers had the chance to opt out. Steps need to be taken to affirm that you have consent for their information to be kept and used again.

Websites and other tools for gathering customer data need to include clearer wording too. This wording needs to spell out what information is required and why. It needs to provide the essential opt-in system that enables your organisation to send customers further communication. It also needs to clarify to customers how long data will be kept for and how it will be disposed of.

This data privacy and security wording is crucial, as are the steps to be taken to manage data systems more efficiently. However, compliance with the GDPR is not a signal that companies can be complacent.

Data breaches should still be a concern

Even with the GDPR in place, cyber security will still be a huge issue in the UK.

Loss of customer data can still happen. If you haven’t adhered to the GDPR, the loss of reputation could be catastrophic, alongside punitive fines. Even if you lose encrypted data (of no commercial value to the third party) it can lead to serious business interruption and a loss of customer faith. You have to report such incidents to the authorities or face fines.

There is always the potential for even the most security-conscious and tech-savvy company to experience network failures too, or attacks from malware and email scams. There are sophisticated data thieves operating, who adapt to each new attempt to stop them by working around deterrents.

Cyber safety net

One of the most vital safety nets is ensuring that your business insurance includes a relevant amount of cover for cyber risks and the potential repercussions.

This will at least compensate your business if you do experience some form of data loss. Having the right business insurance can also help you manage any interruption to your operations and help to meet the cost of any tech repairs required.

Just as the GDPR is not a magic solution to data breaches, there is no room for complacency if you already have business insurance. You need to check your cover regularly and ensure it matches your current business needs and ambitions.

To find out how our policies cover businesses against data breaches, contact us for a chat.

Also, please see our privacy and security policy for details of how we comply with the GDPR with regard to your information.