Perhaps I am being a bit naive but surely an insurance premium is always (or should be!) related to risk and the cost of failure. So if the risk of failure is higher, the premium rises. And if the cost of remediation is higher, the premium rises.
So in this case, what has changed? The risk of failure is likely to be little different from pre-GDPR. The costs associated with failure have been portrayed by the media as being significantly higher, due to the vastly increased maximum penalties that the authorities can levy under GDPR. However, the ICO has given specific reassurances here that they do not intend to use this to punish organisations. The maximum fines would only be issued in the absolutely worst-case scenarios. For the most part, they expect fines for GDPR data breaches to be broadly similar to what we have seen under breaches of the Data Protection Act.
So, in my humble opinion, insurance premiums should be broadly similar, with no major differences under GDPR compared with prior legislation (from an insurance perspective, anyway).
The only issue that I see here is a greater awareness of data privacy issues. So whilst it may only be basic customer information at risk from a customer services perspective, the customer may also be seeing potential risks associated with the data held in your EPOS systems that they're using. Whilst the customer is the data controller, there may be potential liability issues for PX Tech as the supplier if there is a cyber-security failure of an EPOS system. For example, could a software failure result in release of credit card details that are stored in an EPOS system? This is purely conjecture of course but perhaps something that customers might be thinking around.
Regards,
Eldin Rammell
Rammell Consulting Ltd.