Aon plc has launched a risk management solution designed to help organizations prepare for a new data protection law due to come into force on May 25, 2018.
The law, known as the EU General Data Protection Regulation, or GDPR, will lead to stronger enforcement powers and higher fines, affecting every organization with operations in the European Union, Aon said in a statement.
Aon’s risk management solution will help protect “against some of the potential financial impacts of the regulation,” the broker added.
The regulation introduces stricter requirements on organizations’ processing of personal data, a mandatory data breach notification regime and tougher enforcement powers for regulators, including fines of up to 4 percent of annual worldwide turnover and strengthened audit and investigatory powers, Aon explained.
Aon’s EU Data Protect includes:
- GDPR Readiness Assessment: A tool to help organizations identify, prioritize and remediate gaps in their compliance program and understand and mitigate data protection risks in accordance with GDPR.
- Cyber Impact Analysis: Sophisticated modeling of the financial impact from data breaches under GDPR and more broadly to provide a comprehensive understanding of the cyber exposures facing the business.
- EU GDPR Insurance Endorsement: This acknowledges the GDPR in a qualifying cyber policy which includes fines and penalties where insurable by law and costs of defending regulatory action. This endorsement also provides for some regulator-required experts’ fees arising from certain loss events.
- Incident and Claims Response: Access to specialist post-event advisory services, including incident response, digital forensics and claims handling capabilities to expedite remediation and claims settlement.
“The GDPR represents a significant regulatory challenge facing firms that do business in the EU,” said Renette Pretorius, Cyber Practice Leader, Aon’s Global Broking Centre in London.
“Its mission is to give citizens back the control of their personal data and equip regulators with sufficient enforcement powers to address the evolving digital landscape and tougher privacy challenges – a change heavily felt across many companies. All businesses operating in the EU, no matter where they are located, should prepare for the impact of this regulation,” Pretorius continued.
“Organizations that do not identify and address compliance gaps in their marketing practices, data handling and data breach response protocols do so at their own peril,” said Andrea Garcia Beltran, EMEA Cyber Sales leader, Aon’s Global Broking Centre in London.
“Business interruption losses are appropriately ‘front of mind’ for many EMEA organizations, but potential liability of up to 4 percent of an organization’s turnover must be added in to the risk management thought process,” Beltran added.