New European Union (EU) legislation on cyber security will result in complex technological, process and governance challenges for organisations across Europe, according to Marsh.
The insurance broking and risk advisory group reports that following a vote earlier this month by the EU’s committee on civil liberties, justice and home affairs (LIBE), far-reaching changes to data protection regulation, which will replace 1995’s Data Protection Directive (95/46/EC), are a step closer to being introduced next year.
The new regulation means that as well as redesigning their IT systems, companies involved in the collection and processing of personal data will also be required to update their compliance procedures.
Designed to respond to the evolving technological environment in which EU citizens live and work, the measures detailed in the proposed regulation include: fines of up to €100m or 5% of global turnover, whichever is the greater; stringent authorisation regarding the transfer of data to non-EU countries; the ‘right to be forgotten’; and the appointment of a data protection officer in organisations that process more than 5,000 records in a 12 month period.
“The cost to business of implementing the changes required to comply with this piece of regulation may be significant, but the cost of failing to comply could be far greater,” said Stephen Wares, Marsh’s cyber liability practice leader for Europe, the Middle East and Africa (EMEA).
“It is clear that there is a strong will from the EU to give national regulators increased powers, with the suggested fining structure acting as an effective deterrent for non-compliance.
“While the deadline for implementation next year remains fluid, organisations should start considering the effect of the regulation on their operations and begin a process for ensuring compliance. Firms should also consider the effectiveness of their existing insurance arrangements and whether there are other alternatives that could more adequately provide the protection needed to reflect their changing risk profile.”
However, a London summit on the industry’s introduction of the technology cautions that testing and acceptance are still at an early stage and firms should proceed with caution.
The proposals of both US presidential candidates could shake up operating conditions in several sectors, reports the credit ratings agency.
The Danish shipping and oil conglomerate confirmed that it will separate its businesses into stand-alone transport and energy divisions.
The central bank has tweaked its stimulus programme and is making a fresh effort to push Japan’s inflation rate above its 2% target.