Insurance lawyers predict GDPR will lead to a flurry of D&O claims

GDPR could prompt an upsurge in directors and officers liability insurance.

This is according to insurance lawyers, who predict the regulation on data protection will lead to many more D&O claims.

Jane Childs is a partner in Mayer Brown’s London insurance practice, specialising in D&O claims, and she said GDPR would require company directors and officers to put a much stronger emphasis on ensuring they are protected against this threat against them.

“The ‘go-live’ date for GDPR is a very significant watershed,” she predicted, warning that directors and officers could not afford to ignore this issue in the event of a data breach.

“There is a risk that Ds and Os will see GDPR compliance as something they can delegate to leave to GDPR specialists, or delegate to their compliance staff. 

“In fact there is significant scope for regulatory action and civil claims against directors and officers who are responsible for breaches not just of the GDPR, but also wider obligations of their companies in relation to privacy and data.

“The good news about the implementation of GDPR is that it has caused those businesses who process or control personal data to focus on what data their organisations have, and what they do with it; and in our experience it has also caused them to focus on the need to ensure that they have adequate D&O cover in place.” 

Directors exposed

Michael Howard, member of the Directors & Officers SFT at the Forum of Insurance Lawyers (FOIL), and partner at Brown Jacobson, agreed that GDPR would leave directors and officers more exposed to claims.

He highlighted that the increase in class actions and litigation funding available for D&O claims would further fuel the possibility of action.

He said: “GDPR has placed a spotlight on the value of consumer data which is now being recognised as a valuable commodity.

“As a result, the level of fines have been set high, which if a company is subject to any investigation it will doubtless have negative publicity, loss of clients and consequent financial impact.

“One key example here is Cambridge Analytica, who received significant negative publicity after it came to light that they had be processing data harvested from Facebook, and were forced to close within weeks.

“As a result it is no surprise that Directors will be exposed to D&O claims if reasonable steps have not been taken to protect that consumer data and the business from data breaches.”