SDV Insights

EU Adopts General Data Protection Regulation; Now May Be the Time to Look for EU Cyber Coverage


On October 22, we posted about the anticipated EU General Data Protection Regulation. As expected, the EU adopted the Regulation as part of its data protection reform package on December 15.

US businesses have been concerned about protecting the data of EU subjects transmitted to the US because in October, the European Court of Justice declared the US Safe Harbor regime invalid. EU and US negotiators have been frantically working on a new data transfer agreement to replace the Safe Harbor program. Some commentators also believe that amending the Electronic Communications Privacy Act (ECPA) could be a workable solution. However, no viable replacement of the Safe Harbor is yet available.

Two features of the new EU Data Protection Regulation are of particular concern to US businesses with offices in, or doing business with, EU member countries: 1) joint liability of the processor and the controller of the data belonging to EU subjects, and 2) the data breach notification requirement and the steep administrative fines.

Even though the regulation won’t take effect for two years, US businesses with European connections are well advised to start preparing now. The new rules require that large and medium-sized companies have a Data Protection Officer who will be responsible for implementing the new EU data regime within the organization, and for notifying the national regulator and the affected individuals in case of a data breach.

US businesses should also evaluate the need for EU-specific cyber coverage. Until now, the European cyber insurance market has been relatively small compared to the US, but the demand has been steadily growing as companies start preparing for the new Data Protection Regulation.

We are watching this closely and will continue to post more information as the situation develops.






CONTACT US

The email you are sending does not create an attorney-client relationship with SDV. We do not agree to representation until we have performed a check for conflicts of interest and expressly agree to provide services in a particular matter via an engagement letter. The information submitted to us via this website will NOT be treated as confidential or privileged as a lawyer/client communication and our receipt of this information does not prevent us from representing a client related to the subject of your inquiry.

Northeast

35 Nutmeg Drive
Trumbull, CT 06611

203.287.2100

Southeast

851 5th Avenue N
Naples, FL 34102

239.316.7244

West Coast

Two BetterWorld Circle
Temecula, CA 92590

951.365.3145


SDV is based in Connecticut, conveniently located between New York City and Boston, with regional offices in Florida and California to better serve our clients. We're ready to answer your questions and eager to assist you in developing solutions.