Barney Hatcher, business insurance specialist at NFU Mutual

Hospitality businesses have exactly two weeks today until the new General Data Protection Regulation (GDPR) comes into effect (25 May). Insurer NFU Mutual advises businesses to check whether their insurance cover would protect them with legal support in the event of a data protection breach.

The insurer advises that defending legal action from regulatory bodies as a consequence of a breach could be covered as part of specialist business insurance, such as Director’s and Officer’s and Cyber cover. Fines issued in court for a GDPR breach can reach up to €20million, or 4% of turnover whichever is the greater, regardless of the size of the company.

Barney Hatcher, business insurance specialist at NFU Mutual, said: “It’s very difficult to hypothesise about how GDPR will affect businesses until the new law comes into effect, and each claim and case is different. However, as long as there has been no determination of intentional and/or, gross negligence of the law, a good D&O or Cyber insurance policy should include cover to defend a case against a regulatory body such as the Information Commissioner’s Office (ICO), so we would urge businesses to check their policy wording. Of course, the client can’t be complacent with GDPR and needs to take steps to ensure they are compliant, but it may be reassuring to have legal help within reach if a genuine mistake is made.

“There are also other ways in which an insurer could support. For instance once initiated by the policyholder, Cyber cover can pick up the task of informing the ICO of a breach of personal data within the required 72-hour period, as well as covering for individual compensation claims as a result of data loss. D&O and Cyber policies also often include the support of a PR agency to manage reputational impact.”

Reports in the media claim that there is some disparity and confusion in the way that GDPR is currently being handled by businesses and that many may be noncompliant.

Barney continued: “In very simple terms, there are two main aspects of GDPR changes for businesses to consider. Making sure that they tell people what they are doing with the data that they hold about them in a clear and simple way, and making sure that people understand and have consented to marketing activity where appropriate. If businesses are confused about GDPR they should visit the ICO website. For insurance purposes it’s important that businesses evidence the steps that they are taking to become GDPR compliant, which is something we would look for in the event of a claim.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData

Tick here to opt out of curated industry news, reports, and event updates from Verdict Food Service.

Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.