New European Union (EU) legislation on cyber security will result in complex technological, process and governance challenges for organisations across Europe, according to Marsh.
The insurance broking and risk advisory group reports that following a vote earlier this month by the EU’s committee on civil liberties, justice and home affairs (LIBE), far-reaching changes to data protection regulation, which will replace 1995’s Data Protection Directive (95/46/EC), are a step closer to being introduced next year.
The new regulation means that as well as redesigning their IT systems, companies involved in the collection and processing of personal data will also be required to update their compliance procedures.
Designed to respond to the evolving technological environment in which EU citizens live and work, the measures detailed in the proposed regulation include: fines of up to €100m or 5% of global turnover, whichever is the greater; stringent authorisation regarding the transfer of data to non-EU countries; the ‘right to be forgotten’; and the appointment of a data protection officer in organisations that process more than 5,000 records in a 12-month period.
“The cost to business of implementing the changes required to comply with this piece of regulation may be significant, but the cost of failing to comply could be far greater,” said Stephen Wares, Marsh’s cyber liability practice leader for Europe, the Middle East and Africa (EMEA).
“It is clear that there is a strong will from the EU to give national regulators increased powers, with the suggested fining structure acting as an effective deterrent for non-compliance.
“While the deadline for implementation next year remains fluid, organisations should start considering the effect of the regulation on their operations and begin a process for ensuring compliance. Firms should also consider the effectiveness of their existing insurance arrangements and whether there are other alternatives that could more adequately provide the protection needed to reflect their changing risk profile.”