How GDPR Will Expand Your D&O Liability

By mjackson
GDPR Articles Image

On 25 May 2018, the General Data Protection Regulation (GDPR) comes into effect, which expands the rights of individuals and their data while placing greater obligations on organisations that process personal data.

As cyber-related requirements become more stringent under the GDPR and directors and officers (D&Os) shoulder more liability than ever before, industry experts are wondering whether D&Os will soon be held personally liable for cyber-breaches or neglecting to prioritise cyber compliance. D&Os who disregard their responsibility to ensure an organisation-wide commitment to the GDPR and cyber compliance could face legal action after a data breach. In fact, there have been four cases brought against directors in the United States for cyber-attacks, including Target and Home Depot executives.

In order to ensure that your organisation’s directors and officers are prepared for the new responsibilities placed upon them by the GDPR, consider making the following revisions:

  • Ensure your D&O liability policy does not contain any specific exclusions about data breaches.
  • Prioritise cyber-security at the highest level of your organisation by building cyber-governance into your organisational structure. Emphasise that cyber-security and GDPR compliance is the entire organisation’s concern, from the board members all the way down to the interns.
  • Review your organisation’s process for collecting clients’ consent. Whatever your process may be, it must provide an active opt-in. Additionally, keep well-organised records that clearly outline what individuals have consented to, what they were told, and when and how they consented.

As the GDPR will come into force in less than a year, your organisation must begin implementing the necessary protections as soon as possible. In fact, certain UK companies, like Wetherspoons, are already making decisions to scrap their entire email mailing lists for fear that they will violate the GDPR.

For more information about what measures your organisation can take to better prepare for the GDPR, contact MFL today.