GDPR insurance: Are fines insurable? - YouTube

Hi, it’s Jan again from exali. I’m happy that you’re back with us. Today

we have a particularly great topic, namely the GDPR. Yes, since the GDPR came into force

we keep getting inquiries at exali from our customers about how

insurance coverage looks with the GDPR, and whether data protection violations that you

cause with your clients are covered, and whether GDPR fines can be insured at all. We’ll

tell you about how things look after a quick intro.

We’ve all heard the media reports about millions in fines that are being paid by companies due to GDPR infringements.

And as a freelancer or small business, you naturally wonder how

you could pay such a fine if worst comes to the worst. But I can reassure

you here that the amount of the GDPR fine is based, among other things, on the

annual net turnover. That means the larger a company is and the more annual net turnover

they earn, the higher the GDPR fines are generally in the event of a violation.

Since small businesses or freelancers usually don’t generate high

annual net turnover, the fines are of course also correspondingly lower here.

Now, you would probably like to know how high a GDPR fine would be in your case. I’ll put a

video up there, so you can find out how you can calculate your personal GDPR fine.

Now we can get to the important question of how GDPR fines can be insured.

The good news in advance is that GDPR fines due to a data protection violation

are insured as long as this is possible under applicable law. But you still have to

distinguish two cases here: the first is that you yourself get a GDPR fine, and the

second is that you are responsible for one of your clients receiving a

GDPR fine. Let’s look at the first case that you

receive a GDPR fine, for example, because you accidentally make important customer information public.

As already mentioned, as long as it is possible under applicable current law, the GDPR fine would

also be insured. Now for the second case, where you’re working for a client and

make a mistake, and because of that a data breach happens and your client receives a GDPR

fine from the data protection authority. And now the client demands compensation from you

through the so-called right of recourse. Such damage is so-called third party damage.

In this case that would be a financial loss. You caused a financial loss to your client through your mistake.

This is of course naturally covered by your professional indemnity insurance as well.

The important thing for you is that if you don’t have high annual net turnover yourself,

your personal GDPR fine probably won’t be that high. But you should always

keep in mind that if you’re working for a large client such as an automobile manufacturer, for example,

it can always happen that if you’re responsible for a data breach there, and the automobile manufacturer

receives a fine from the data protection authority, and your client demands compensation

from you, this can quickly run into the millions.

That’s why you should always think about this when you take out professional indemnity insurance, namely

how much should your coverage amount be. The bigger your clients are, the higher your

coverage amount should be. You should always assume the greatest possible damage here.

Think about what would be the greatest possible harm you could cause. And then you should

choose your coverage accordingly. So the whole thing is a little bit clearer,

I have two case studies, where you you can see how the insurance works

in the event of GDPR violations. In the first case, let’s take as an example an

IT service provide who is supposed to program a new website for his client. Due to a

programming error, however, there is a vulnerability and sensitive customer data

is made freely accessible online. Your client then receives a high fine from the data protection authority

for this gross data protection violation. The client has to invest a lot of money on the one hand

to close the security gap and on the other hand to reduce both the image damage and pay the fine

as well as the costs to reduce the damage to their image. So they demand compensation from the IT service provider for these costs.

However, the IT service provider has professional indemnity insurance with exali.com,

who assumes the compensation payment for him. In the second case, let’s take the example of

an online shop operator who sends weekly advertising emails to their customers.

They have the consent of their customers for this, but unfortunately forgot to document the

consent sufficiently. And during a a routine check by the responsible data protection

authority, the online shop operator can’t demonstrate the consent to the data

protection authority. As a sanction, the the online shop operator receives a fine from

the data protection authority. But because he has a professional indemnity insurance through exali.com

the fine is also covered as long as this is permitted

according to applicable law. To sum things up, you can say as long as it’s permitted under

applicable law, your exali.com professional indemnity insurance comprehensively covers GDPR violations.

We can offer you professional indemnity insurance for a wide variety of areas

regardless of whether it’s media consulting, service provision or IT services. If you have any questions about

comprehensive coverage then please call our experts at our customer service.

I'll put the phone number and email address beneath the video. I’ll also put a link to all the information

on the GDPR, proper insurance and fines in an article in the video box below.

Otherwise, thank you for watching. If you liked the video

give us a like and subscribe to the exali channel. And we’ll see each other next time.