Marsh: firms should prepare now for EU cyber data rules

Companies should start preparing now for the EU’s new data protection rules despite the rules’ ‘fluid’ implementation deadline, says global broker Marsh.

The company said progress towards introducing the new rules next year had taken a step closer following a vote earlier this month by the European Union’s Committee on Civil Liberties, Justice and Home Affairs.

The rules will replace the 1995 Data Protection Directive, and are designed to respond to the evolving technological environment in the EU.

Proposed measures include the introduction of fines for non-compliant companies of the greater of €100m (£86m) or 5% of global turnover, and stringent authorisation for the transfer of data to non-EU countries.

According to Marsh, the new regulation will result in complex technological, process and governance challenges for companies across Europe.

Marsh’s Europe cyber liability practice leader Stephen Wares said: “It is clear that there is a strong will from the EU to give national regulators increased powers, with the suggested fining structure acting as an effective deterrent for non-compliance.

“While the deadline for implementation next year remains fluid, organisations should start considering the effect of the regulation on their operations and begin a process for ensuring compliance. Firms should also consider the effectiveness of their existing insurance arrangements, and whether there are other alternatives that could more adequately provide the protection needed to reflect their changing risk profile.”