Data Protection – changes ahead and risks to insure

22nd August 2017

Article written by:

Chris from iContract

The Data Protection Act that came into being in 2000 will be replaced by the General Data Protection Regulation (GDPR) in May 2018.

The aim is to bring data protection law up to date so it reflects today’s user values, behaviours and use of online and social platforms by society.

The GDPR is structured in such a way as to give people greater control over their personal information whilst aiming to unify EU data regulations. It has been made clear that the GDPR will not be affected by Brexit for those in the UK.

The definition of personal data, as set out by the European Commission, is wide ranging. Whilst we are all aware that confidential information such as bank details or medical records is covered by data protection, from May data such as names, social media posts and photographs – in fact anything that identifies you – will be covered by the new legislation.

Many professional organisations, including accountancy practices, legal firms, brokers of varying types, recruitment agencies, umbrella and payroll companies will need to carefully assess their data handling, procedures and safeguards. Such reviews and evaluations have already begun for many. Over the coming months the updating of privacy policies and the obtaining of permissions for all types of data will be necessary.

With reviews commencing in earnest, it will be timely to dust off and check current insurance policies to ensure coverage shortfalls are addressed and that cyber risk is properly considered.

Cyber insurance covers the losses relating to damage to, or loss of information from, IT systems and networks. While existing insurance policies such as business interruption or perhaps professional indemnity may provide some cover against certain aspects of cyber risk, it is increasingly apparent that UK businesses are considering bespoke cyber risk insurance to ensure more robust coverage. The majority of policies are acquired by businesses that:

  • Rely to a high extent on websites in the conduct of their business
  • Hold customer data including addresses and bank details of individuals and companies
  • Regularly process payments where cards are used

With the recent increase in cyber-attacks and security breaches resulting in loss of data and often funds, cyber risk has inevitably become a boardroom “hot topic”.

The Information Commissioner’s Office, which already has significant enforcement powers under the current DPA, will oversee a new regime of fines brought in by the GDPR to ensure compliance by those handling data. It is therefore essential that you read up on the subject and know your responsibilities.

If you would like to know more about cyber risk insurance you can contact Adrian Stewart at Caunce O’Hara at – or on 0161 833 2100

Caunce O’Hara are one of iContract’s trusted service partners. Visit our services page here to request more information.