In this episode of OnRisk, Lucas Tanglen and Jeff Meagher discuss the cyber insurance implications of the European Union’s new privacy regulation—the General Data Protection Regulation or GDPR.
The GDPR, which took effect on May 25, 2018, is a far-reaching regulation that imposes obligations on any U.S. company that “processes” the personal data of individuals located in the EU regardless of whether that company has a physical presence in the EU. In addition, it allows European regulators to impose fines as high as 20 million euros or 4 percent of a company’s total worldwide revenue, whichever is higher, on violators. As a result, it has attracted considerable attention on both sides of the Atlantic. This podcast discusses the cyber insurance implications of the GDPR, including whether cyber insurance policies issued to U.S. policyholders cover GDPR-related liabilities, the insurability of GDPR-related fines, and the GDPR-related endorsements that are currently being added to cyber insurance policies in the United States.