On 10 April 2018, I participated to a panel in London organized by the Federation of Defense and Corporate Counsel (FDCC) on the topic of Cyber Liability, Exposures and what lies ahead with the new General Data Protection Regulation (GDPR) which will come in force on 25 May 2018. I spoke about cross border differences between the USA and Europe, how Europe looks like today and how it will after May 2018. With mandatory breach notifications ahead, hefty fines (up to 4% of the annual global revenue or 20M€ which ever is greater), a full compensation principle for data subjects whose data have been compromised (for material and non-material damages) and class actions enshrined in the new Regulation, there are no doubts that the situation in Europe will get closer to the one in the USA. Even pre-GDPR however, some Courts in Europe have taken some landmark decisions. This is the case in the UK where the courts have in the last 2 years taken decisions expanding the definition of personal data, granting the right to sue without having suffered economic damages, financially compensating emotional distress and allowing the first data breach related class action to proceed.
With the new GDPR in place, there is an expectation that the Cyber Insurance intake will increase in order to protect breached entities from higher exposures.
Location: London, UK