Also, Google Fitbit Faces Privacy Complaints From Schrems This week, the Swedish DPA fined an insurer $3 million for violating GDPR, a DDoS attack disrupted a German financial agency website, Google Fitbit faced privacy complaints from Schrems, Ragnar Locker published hacked hospital data, and Seville, Spain dealt with the aftermath of a ransomware (..)
Privacy Breach Claims Are Rising, Says Thomas Clayton of Zurich Insurance Although the EU's General Data Protection Regulation only went into full effect on May 25, its mandatory privacy breach notifications are already having an effect on the cyber insurance marketplace, says Thomas Clayton of Zurich Insurance.
General Data Protection Regulation (GDPR) The European Union’s General Data Protection Regulation (EU GDPR) offers a data privacy framework that applies to both EU and non-EU businesses. DSPM can play a significant role in helping organizations align their data privacy operations with the GDPR provisions.
A Substantial Settlement Could Build Data Security Momentum British Airways could face a substantial compensation payout as a result of an ongoing group lawsuit over its 2018 data breach, the first of its kind under GDPR.
One of the most common ways to mitigate the risk of a cyber security incident is cyber insurance. These activities aren’t typically included in standard business insurance policies, which tend to only cover costs related to technical issues, such as corrupted hard drives and lost devices. The benefits of cyber insurance.
Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter - Cyber, Physical & Technology at Brit Insurance.
Background The case related to the processing of an incapacitated employee’s personal data, including health data, by the medical service provider (“MDK”) of a health insurance fund in Germany. Under applicable law, the MDK draws up reports on the capacity of individuals insured by the health insurance fund to work.
Cyber liability insurance helps organisations cover the financial costs of a data breach. Without insurance, organisations spend £3.6 By purchasing cyber liability insurance, organisations gain the resources they need at a fraction of the cost. What does cyber insurance include? First-party vs third-party insurance.
In January 2025, European financial and insurance institutions, their business partners and providers, must comply with DORA. In January 2025, financial and insurance institutions in Europe and any organizations that do business with them must comply with the Digital Operation Resilience Act, also known as DORA. Can this be done?
Inova is an actuarial consultancy company, which means they compile statistical analysis and calculate insurance risks and premiums. Document sent to the insurance company by the victim’s lawyer. Inova has been operating since 2012 and has handled thousands of cases since then. Sketch of the accident from the police report.
In this context, the Directorate General of the French Treasury has put forward a plan of action with a view to clarifying the cyber-insurance legal framework, better gauging cyber-risks, and enhancing companies’ awareness as regards cyber-risks. 12-10-1 into the French Insurance code. However, in the end, Article L.12-10-1
You might also be interested in: Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S. GDPR Compliance Starts with Data Discovery.
You might also be interested in: The Re-Permissioning Dilemma Under GDPR. Data Privacy and Open Data: Secondary Uses under GDPR. Three Critical Steps for GDPR Compliance. GDPR and Cross Border Data Flows between the EU and the US: Current State of the Law. What Do the GDPR and new Privacy Laws Mean for U.S.
Ravi Srivatsav, CEO, DataKrypto: Non-compliance with regulations, such as the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), risks severe penalties. And industries like healthcare face persistent targeting due to their outdated systems and high-value data.
Cyber Insurance: US cyber insurance premiums soared by 50% in 2022, reaching $7.2 Regulatory Compliance Challenges: Compliance with data protection regulations, such as GDPR and CPRA, remains a challenge for organizations, with non-compliance penalties averaging $5.5 million, up 15% in three years. The US topped the list at $5.09
Lloyd’s of London has announced that its insurance policies will no longer cover losses resulting from certain nation-state cyber attacks or acts of war. In a memo sent to the organisation’s insurance syndicates, Underwriting Director Tony Chaudhry said that Lloyd’s remains “strongly supportive” of policies that cover cyber attacks.
According to Parametrix, an insurance company specialising in Cloud outages, cyber insurance policies likely cover up to 10–20% of losses only. Then there’s insurance. You don’t want that type of breach, because it damages your brand – you could be fined under the GDPR, for example [General Data Protection Regulation].
This is based on the General Data Protection Regulation (GDPR), which applies to any organization that handles the data of European Union citizens. Under the GDPR, an organization that experiences a personal data breach must notify the appropriate authorities within 72 hours of discovering it. In the U.S.,
The CSF’s core principles have been incorporated into Europe’s GDPR, NYDFS’s cybersecurity requirements, California’s Consumer Privacy Act and Ohio’s Data Protection Act. That could be for insurance purposes. “As with any insurance, cyber insurance really requires due care,” Wrenn said. “So The stakes are high.
We have the benefit of learning from GDPR in Europe as well as other flavors of privacy laws in Canada, Utah, Virginia and other jurisdictions. Other companies may continue to rely on hiding the ball, scapegoating and relying on insurance to cover the losses. This could dovetail with a national information privacy law.
The Belgian DPA has released a first status update six months after the GDPR became applicable. According to the Belgian DPA, the spectacular increase in the number of notified breaches can be explained by the mandatory notification that was expanded in the GDPR. Unlike in Portugal and Austria, no GDPR fines have been issued.
DLA Piper and Aon have launched a guide, ‘The price of data security’, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018. The guide reviews the insurability of GDPR fines across Europe, which can reach up to €20 million or, if higher, up to 4% of a group’s annual global turnover.
On November 23, 2018, the Belgian Data Protection Authority (the “Belgian DPA”) published a review of its activities since the EU General Data Protection Regulation (“GDPR”) became applicable on May 25, 2018 (the “Review”). In the Review, the Belgian DPA makes the following observations: The GDPR in Numbers.
The matter involved one of France’s largest insurers, SGAM AG2R LA MONDIALE, which was subject to an inspection by the French data protection authority (the CNIL), in 2019. The CNIL’s inspection included the insurer’s compliance with Section 5-1(e) of GDPR, which reads: Personal data shall be. (e) Perhaps the CNIL’s €1.75
On 21 August 2018, the Dutch Supervisor Authority announced that it had conducted an investigation into the designation of a Data Protection Officer (DPO) under the General Data Protection Regulation (GDPR) by 91 hospitals and 33 healthcare insurers in the Netherlands.
And since the EU’s General Data Protection Regulation (GDPR) took effect May 25, 2018, IT compliance issues have been at the forefront of corporate concerns. GDPR, the EU’s flagship data privacy and “right to be forgotten” regulation, has made the stakes of a data breach higher than ever. GDPR-style data privacy laws came to the U.S.
The FCJ held that Article 15 of the EU General Data Protection Regulation (GDPR) has a broader scope than previously understood in Germany. The defendant was a life insurance company and the claimant their insured.
the Health Insurance Portability and Accountability Act (HIPAA)), the answer is generally that a company should implement a “reasonable data privacy and security program” under all circumstances. Insurability. In the absence of a law that contains prescriptive requirements (e.g.,
With a mammoth GDPR fine handed out to Google last week, it’s time for organisations to reassess their understanding of the Regulation. We’re through the eye of the GDPR (General Data Protection Regulation) storm. The GDPR concerns personal data that is: Collected in an enterprise context; and. Some began to lose faith.
California Consumer Privacy Act (CCPA) compliance shares many of the same requirements as the European Union’s General Data Protection Regulation (GDPR). Luckily, many organizations have already laid the regulatory groundwork for it because of their efforts to comply with GDPR. CCPA Compliance Requirements vs. GDPR FAQ.
CIAM in insurance: A unified, secure user experience with a single login madhav Fri, 05/26/2023 - 07:33 In recent years, the insurance industry has transformed from a singularly focused entity to a multi-brand or multi-service type of business. Adding value to the user experience (a top priority for 59% of insurers) 2.
In the wake of the Meltdown and Spectre flaws revealed on 3 January 2018, the Information Commissioner’s Office (ICO) has warned that existing vulnerabilities could lead to punishment when the EU General Data Protection Regulation (GDPR) is enforced. The Cyber Essentials scheme will also help organisations comply with the GDPR and other laws.
million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation (“GDPR”) and Article 82 of the French Data Protection Act governing the use of cookies. The group has diversified its activities into the banking and insurance, travel agency and e-commerce sectors.
There is an alarming lack of awareness across all industries about the EU General Data Protection Regulation (GDPR), according to a government survey. As you would expect, larger organisations were more likely to be aware of the GDPR. Preparing for the GDPR. The survey split respondents into businesses and charities.
Increased interest in cyber insurance. With more than 800 million records being leaked in 2017 (find out more in our Breaches and Hacks Blog Archive), it’s not surprising that cyber insurance business has increased in recent months. Insurers assess an organisation’s cyber risk to set premium levels.
On May 25, 2018, the GDPR (General Data Protection Regulation) went into effect. The primary objectives of the GDPR are to give EU citizens and residents control back over their personal data, to simplify the regulatory environment for international business, and to unify regulations within the European Union.
The Cyber Security Breaches Survey 2018 from the Department for Digital, Culture, Media and Sport (DCMS) has revealed that only 38% of businesses and 44% of charities have heard of the General Data Protection Regulation (GDPR). Are your staff aware of the GDPR? Key findings. Don’t let your staff be your downfall.
Keeping up with new data protection regulations can be difficult, and the latest – the General Data Protection Regulation (GDPR) – isn’t the only new data protection regulation organizations should be aware of. Less than four months before GDPR came into effect, only 6 percent of enterprises claimed they were prepared for it.
According to the bill’s author, it was consciously designed to emulate the new European General Data Protection Regulation (GDPR) that went into effect on May 25, and if and when it goes into effect, it would constitute the broadest privacy law in the United States. law, consumers and the marketplace have been comfortable with to date.
Companies that collect, for their own purposes, all the personal data from a given geographic area in online directories and then use the data to send their own direct marketing communications (e.g., an insurance company to sell insurance products). Respecting the individual’s right to object as provided for in the GDPR.
Cyber insurance will become more popular and more comprehensive. It’s led to a growing trend for organisations to purchase cyber insurance, which Forbes contributor Emil Sayegh believes will continue in 2022. This market squeeze will certainly affect the cyber insurance industry itself. “We
Article 28 of the EU General Data Protection Regulation (the “GDPR”) requires data controllers to enter into data processing agreements with data processors. Since the GDPR came into force on May 25, 2018, the Dutch DPA regularly verifies whether organizations comply with its legal requirements. View the press release (in Dutch).