by JLT Asia
Why does GDPR matter to Asian Companies
Whilst the GDPR may be an EU regulatory framework, it applies to all organisations that accept or process personal data of EU residents, whether or not they are domiciled outside the EU.
With its expanding extraterritorial reach, it is thus pertinent for Asian organisations to assess whether they would fall under the remit of the GDPR. Any contact with entities within the EU, whether selling into the EU or using EU data as part of a global business operation, will inevitably have GDPR implications.
One of the most alarming aspects of the GDPR is the potential for significant financial consequences, with fines of up to EUR 20 million (approximately USD 235 million) or 4% of the organisation's global turnover, whichever is higher.
A study from Veritas Technologies has revealed that 86% of organisations worldwide are concerned that a failure to adhere to the upcoming GDPR could have a major negative impact on their business. In Singapore, about 92% of all local organisations have expressed concerns over the potential GDPR fallout, and 20% fear that their business could suffer a huge financial impact due to non-compliance.
Mitigate the risk
With the impending GDPR, we have experienced an increase in demand for cyber insurance, as many companies are turning to cyber insurance as a solution to mitigate the impact of any financial loss.
One of the key focuses for many of our clients is the insurability of fines for a GDPR breach. Standalone cyber insurance will cover fines and penalties to the extent that they are insurable by law. However, the extent to which insurance proceeds can be used to recoup the costs of regulatory penalties under the GDPR is still a grey area and will need to be tested in the courts.
There is also a new breach notification regime under the GDPR, under which companies have a legal obligation to report a data breach to the data protection regulator. This includes any breach of security measures, or a finding that personal data you hold has been unlawfully accessed. In such instances, the data controller must report the breach to the supervisory authority without undue delay, and in any event within 72 hours, and possibly to the affected data subjects as well. These notification requirements have also been extended to data processors: under the GDPR, processors must inform their respective data controllers when they become aware of any personal data breach.
The repercussions of having a data breach or getting GDPR wrong would undoubtedly be a board-level issue. With the corresponding exposure to regulatory investigations, fines and reputational risk, it is now even more important for companies to be prepared and to start considering measures to mitigate any financial loss.
Source: https://www.asiajlt.com/our-insights/cyber-decoder/gdpr-a-challenge-to-asian-companies