<img width="650" height="433" src="https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2.jpg" class="attachment-full size-full wp-post-image" alt="<strong>We still have a problem with data protection</strong>" title="<strong>We still have a problem with data protection</strong>" decoding="async" fetchpriority="high" srcset="https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2.jpg 650w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-400x266.jpg 400w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-250x167.jpg 250w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-150x100.jpg 150w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-50x33.jpg 50w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-100x67.jpg 100w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-200x133.jpg 200w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-300x200.jpg 300w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-350x233.jpg 350w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-450x300.jpg 450w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-500x333.jpg 500w, https://executivemagazine.pl/wp-content/uploads/2022/10/Szymon-Bak-650x433-2-550x366.jpg 550w" sizes="(max-width: 650px) 100vw, 650px" data-eio="l" />

We still have a problem with data protection

October 24, 2022

Although GDPR has been in force for more than four years now, there are still quite a few companies making basic mistakes in applying the regulations. Is it possible to insure against their consequences? Yes, with the help of cyber insurance and D&O insurance.

For most people, it seems that the most ‘erroneous’ issue is the use of the data collected and how the data subjects are notified about how the data are being processed. However, it turns out that we also have a lot of problems with the complete basics.

We rely on the old rules

Many companies still apply rules derived from the Security Policy and IT System Management Instructions, and these are rules which date back about 15 years and are not in line with RODO! Moreover, the way all data, including personal data, is stored and processed has changed drastically since then. Today, all processes have become digitalised. This means that we face a different type of risk of their leakage, which, in addition, is much higher than in the days when paper was in dominance. In this situation, cyber security plays a crucial role.

We misinterpret the definition of personal data

Here again, we cannot ‘wean ourselves off’ the old rules. Previously, only identifying information was considered personal data. According to the definition set forth in the GDPR, personal data is all information about an identified or identifiable natural person. This means that it is not only about name, surname, date of birth, gender and the like. Personal data include also, for example, information about properties or vehicles owned. And also photos and tags posted on social networks!

We process personal data unlawfully

Mistakes also made as a result of formal complexities. In order for data processing to be lawful, it must comply with the conditions set forth in specific articles of the GDPR – 6 and 9. Where, then, can mistakes be made? By applying them separately. Article 6 is the basis and Article 9 only supplements it in the case of specific, so-called “sensitive” data.

Insurance as a lifeline?

Cyber insurance is the backbone. Among other things, it allows for a payout to cover the costs associated with securing and restoring digital assets if a leak occurs as a result of a hacking attack or human error. More importantly, however, the assumption behind the insurance is that is covers the costs of the actions required to be taken under the GDPR provisions, i.e. carrying out an information campaign among potential victims of a leak. In addition, it provides for reimbursement of the costs associated with administrative and judicial proceedings and the payment of damages. In general, a cyber policy may also include coverage of fines imposed under the GDPR.

A well-designed protection scheme should include yet another type of policy – D&O, or Directors’ and Officers’ liability insurance. After all, irregularities in records keeping, personal data defining and processing of data in accordance with legal regulations are usually the result of an inappropriate decision made by a specific individual. The company’s owners or shareholders may therefore bring claims against the decision-makers whom they want to hold accountable for their losses. For example, they may expect to be reimbursed for administrative fines or compensated for other damages resulting from a GDPR incident. And a D&O insurance will ensure that the managers held ‘liable’ are covered for defence costs and other losses if these are indeed found to result from negligence.

Author: Szymon Bąk, Cyber Insurance Specialist from EIB S.A.

Last Updated on October 24, 2022 by Anastazja Lach

We still have a problem with data protection

EC speakers: Nancy Giordano „The Enterprise of the Future” | Executive Forum 2020

FRAMEWORK AGREEMENTS i.e. Transferring IP Rights Once And For All

Britenet – 15 years of partnership in professionalism

Jerzy Kufel, founder and CEO at ITEO. Setting the course for digital transformation

How to strike a balance in the digital world?

Evolution of the construction industry in the face of climate challenges. Artur Popko, President of the Budimex SA Group

Small steps towards the goal. ZOPI after 4 years of activities with Anna Oleksiewicz at the helm

Sustainable construction – meaning what?

From energy efficiency to the 5G campus network. How to do it right. Artur Pollak, PhD, Eng, President of the Management Board of APA Group

Use the potential of insurance guarantees