GDPR is designed to harmonise data privacy laws across Europe and to protect citizens’ data privacy. It applies not only to organisations within the EU but also to firms outside the EU that do business inside member states.
Companies that fail to comply with the regulation can be fined up to 4% of annual global turnover, or €20 million.
The GDPR was ratified following four years of negotiation, replacing the existing data protection directive. Unlike an EU directive, which member states can implement over a period of time, the regulation becomes law as soon as it takes effect in May 2018, meaning penalties can be imposed from day one.
Cybersecurity experts have warned that companies must begin their preparations now for the GDPR, which has 90 different principles related to data protection. However, Marsh UK & Ireland said GDPR was an opportunity for firms and should not be feared.
Cyber-risk leader at Marsh UK & Ireland, Peter Johnson said: “Rather than regarding compliance with the GDPR to be a costly and disruptive undertaking, Irish firms should see it as an opportunity. These organisations can improve how they safeguard personal information, boost their understanding of how data can add value to their business, and forge a new relationship with clients based on enhanced transparency and security that can further build trust.”
Marsh said that in preparation for what it called the most significant change to the EU’s data protection laws in over 20 years, firms need to review their procedures for managing personal data.
It recommended firms re-examine their current insurance arrangements to ensure any applicable indemnity limits will cover the costs associated with investigations and breaches under the GDPR.
Marsh Ireland regional leader Charles Barry said: “The GDPR will go a long way towards helping Irish firms repair the breakdown in trust with their clients in terms of how personal data is used, enabling proactive businesses to take greater advantage of the data-driven economy.”