{"id":6406,"date":"2023-12-27T09:49:14","date_gmt":"2023-12-27T15:49:14","guid":{"rendered":"https:\/\/www.bbrown.com\/?post_type=insight&#038;p=6406"},"modified":"2023-12-27T09:49:14","modified_gmt":"2023-12-27T15:49:14","slug":"gdpr-for-risk-managers-the-basics","status":"publish","type":"insight","link":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/","title":{"rendered":"GDPR For Risk Managers | The Basics"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column]\n\t<div class=\"hero hero--wrap    \">\n\n\t\t<div class=\"hero--background-image hero--background-image-blur\">\n\t\t\t<div class=\"hero--overlay\"><\/div>\n\t\t\t\t\t\t\t<div class=\"hero-background\" style=\"background: url(https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg) center center no-repeat; background-size: cover;\"><\/div>\n\t\t\t\t\t<\/div>\n\n\t\t<div class=\"hero--container\">\n\t\t\t<div class=\"container\">\n\t\t\t\t<div class=\"hero--inner width-100\">\n\n\t\t\t\t\t\n  <div class='content-heading  100%  '>\n    <p class='text-white subheading'>Property &amp; Casualty<\/p>\n    <h1 class='text-white    '>\n      GDPR For Risk Managers | The Basics\n    <\/h1>\n\t\n  <\/div>\t\t\t\t\t\n\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\n\t<\/div>\n\n\t\n[\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;]\n  <div class='content-heading  100% content-heading--ruled '>\n    \n    <h1 class='text-brand-dark-blue    h2'>\n      GDPR For Risk Managers | The Basics\n    <\/h1>\n\t\n  <\/div>[vc_column_text]The General Data Protection Regulation (GDPR), effective May 25, 2018, requires any company collecting, storing or processing data of European Union residents to comply with data privacy and protection regulations, which change rapidly. 
Key components of GDPR include regulation around record keeping, control systems and breach notification requirements. To be GDPR compliant, companies must maintain records of all personal data, detailing how the data is used, where it is sent and how it is protected. Data subjects have the right to request information about the use and dissemination of personal data and the right to withdraw their data.<\/p>\n<p>Maintaining appropriate records requires obtaining and properly documenting informed consent. This applies to data collected both before and after the GDPR effective date. Additionally, companies must design systems and controls tailored for data protection. Examples of these controls include implementing codes of conduct and training, developing data breach response preparedness guidelines and hiring a fully trained data protection officer designated to ensure regular and systematic monitoring of data privacy systems. In the event of a personal data breach, companies must promptly notify the proper supervisory authority and possibly the affected individuals.<\/p>\n<p>Since the GDPR entered into force, over 2,000 cases have been created in the European Data Protection Board\u2019s case register, and 711 final decisions have been taken. In some cases, imposed fines have reached hundreds of millions of euros. Updated rules designed to streamline enforcement between EU states came into effect in July 2023. The European Commission expects that these will bring swifter case resolutions, meaning quicker remedies for individuals and more legal certainty for businesses.<\/p>\n<p>Compliance with regulations is critical to avoid fines and penalties, handle the changing regulatory landscape and better protect customer data. 
Noncompliance with GDPR core principles could result in fines and penalties of up to 20 million euros or 4% of global revenue, which could lead to customer dissatisfaction and reputational harm.<\/p>\n<p>Traditional non-cyber insurance policies are unlikely to cover claims brought by consumers, individuals or government agencies enforcing the claims, including costs of defending investigations. Cyber policies can provide coverage; however, they must cover all results caused by the failure to conform with GDPR requirements. To obtain the broadest coverage, companies should first make sure they are compliant. Prioritizing compliance helps avoid breaches, litigation and claims.<\/p>\n<h3>Examples<\/h3>\n<p>Since GDPR was imposed, fines have reportedly reached over 4 billion euros collectively. Examples of larger fines imposed to date, listed by the company\u2019s industry, include:<\/p>\n<ul>\n<li>Technology Company (1.2 billion euros)<\/li>\n<li>E-Commerce Company (746 million euros)<\/li>\n<li>Retail Company (35.25 million euros)<\/li>\n<li>Telecommunications Company (27.8 million euros)<\/li>\n<li>Airline (22.4 million euros)<\/li>\n<li>Hospitality Company (20.45 million euros)<\/li>\n<\/ul>\n<p>[\/vc_column_text]\t<div class='wpb_content_element text-left btn-container'>\n\t\t\t\t\t<a class='btn btn-brand-green  '\n\t\t\t\thref='https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External_web.pdf' target='_blank' data-toggle=''>\n\t\t\t\t<span class=\"btn-text-color--default\">Download PDF<\/span>\n\t\t\t<\/a>\n\t\t\t<\/div>\n[\/vc_column][vc_column width=&#8221;1\/3&#8243;][vc_single_image image=&#8221;2885&#8243; alignment=&#8221;center&#8221; style=&#8221;vc_box_circle_2&#8243;][vc_separator border_width=&#8221;2&#8243; el_width=&#8221;60&#8243;][vc_column_text]<\/p>\n<h6 style=\"text-align: center;\">Jessica Slater<\/h6>\n<p style=\"text-align: center;\">Vice President, Cyber<\/p>\n<p>[\/vc_column_text][vc_single_image 
image=&#8221;1368&#8243; alignment=&#8221;center&#8221; style=&#8221;vc_box_circle_2&#8243;][vc_column_text]<\/p>\n<h6 style=\"text-align: center;\">Chris Keegan<\/h6>\n<p style=\"text-align: center;\">Senior Managing Director<\/p>\n<p>[\/vc_column_text]\t<div class='wpb_content_element text-center btn-container'>\n\t\t\t\t\t<a class='btn btn-brand-dark-blue  '\n\t\t\t\thref='\/us\/contact\/contact-general\/' target='' data-toggle=''>\n\t\t\t\t<span class=\"btn-text-color--default\">Connect Now<\/span>\n\t\t\t<\/a>\n\t\t\t<\/div>\n[\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text]The General Data Protection Regulation (GDPR), effective May 25, 2018, requires any company collecting, storing or processing data of European Union residents to comply with data privacy [&hellip;]<\/p>\n","protected":false},"author":66,"featured_media":6407,"template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"insight_category":[34],"class_list":["post-6406","insight","type-insight","status-publish","has-post-thumbnail","hentry","insight_category-property-casualty"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>GDPR For Risk Managers | The Basics - Brown &amp; Brown<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR For Risk Managers | The Basics\" \/>\n<meta 
property=\"og:description\" content=\"[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text]The General Data Protection Regulation (GDPR), effective May 25, 2018, requires any company collecting, storing or processing data of European Union residents to comply with data privacy [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/\" \/>\n<meta property=\"og:site_name\" content=\"Brown &amp; Brown\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/\",\"url\":\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/\",\"name\":\"GDPR For Risk Managers | The Basics - Brown &amp; Brown\",\"isPartOf\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg\",\"datePublished\":\"2023-12-27T15:49:14+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#breadcrumb\"},\"inLanguage\":\"us\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"us\",\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#primaryimage\",\"url\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg\",\"contentUrl\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg\",\"width\":1000,\"height\":667,\"caption\":\"Profile side view portrait of his he nice attractive skilled focused serious, guy writing script ai tech support devops creating digital solution front-end in dark room workplace station 
indoors\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.bbrown.com\/us\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Insights\",\"item\":\"https:\/\/www.bbrown.com\/us\/news-events\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"GDPR For Risk Managers | The Basics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.bbrown.com\/us\/#website\",\"url\":\"https:\/\/www.bbrown.com\/us\/\",\"name\":\"Brown &amp; Brown\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.bbrown.com\/us\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"us\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.bbrown.com\/us\/#organization\",\"name\":\"Brown &amp; Brown\",\"url\":\"https:\/\/www.bbrown.com\/us\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"us\",\"@id\":\"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png\",\"contentUrl\":\"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png\",\"width\":1000,\"height\":136,\"caption\":\"Brown &amp; Brown\"},\"image\":{\"@id\":\"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"GDPR For Risk Managers | The Basics - Brown &amp; Brown","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/","og_locale":"en_US","og_type":"article","og_title":"GDPR For Risk Managers | The Basics","og_description":"[vc_row row_style=&#8221;page-hero&#8221; full_width=&#8221;stretch_row_content&#8221;][vc_column][\/vc_column][\/vc_row][vc_row][vc_column width=&#8221;2\/3&#8243;][vc_column_text]The General Data Protection Regulation (GDPR), effective May 25, 2018, requires any company collecting, storing or processing data of European Union residents to comply with data privacy [&hellip;]","og_url":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/","og_site_name":"Brown &amp; Brown","og_image":[{"width":1000,"height":667,"url":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/","url":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/","name":"GDPR For Risk Managers | The Basics - Brown &amp; Brown","isPartOf":{"@id":"https:\/\/www.bbrown.com\/us\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#primaryimage"},"image":{"@id":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg","datePublished":"2023-12-27T15:49:14+00:00","breadcrumb":{"@id":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#breadcrumb"},"inLanguage":"us","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/"]}]},{"@type":"ImageObject","inLanguage":"us","@id":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#primaryimage","url":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg","contentUrl":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2023\/12\/GDPR-For-Risk-Managers-Brown-Brown-External-web-image.jpg","width":1000,"height":667,"caption":"Profile side view portrait of his he nice attractive skilled focused serious, guy writing script ai tech support devops creating digital solution front-end in dark room workplace station 
indoors"},{"@type":"BreadcrumbList","@id":"https:\/\/www.bbrown.com\/us\/insight\/gdpr-for-risk-managers-the-basics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bbrown.com\/us\/"},{"@type":"ListItem","position":2,"name":"Insights","item":"https:\/\/www.bbrown.com\/us\/news-events\/"},{"@type":"ListItem","position":3,"name":"GDPR For Risk Managers | The Basics"}]},{"@type":"WebSite","@id":"https:\/\/www.bbrown.com\/us\/#website","url":"https:\/\/www.bbrown.com\/us\/","name":"Brown &amp; Brown","description":"","publisher":{"@id":"https:\/\/www.bbrown.com\/us\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bbrown.com\/us\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"us"},{"@type":"Organization","@id":"https:\/\/www.bbrown.com\/us\/#organization","name":"Brown &amp; Brown","url":"https:\/\/www.bbrown.com\/us\/","logo":{"@type":"ImageObject","inLanguage":"us","@id":"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/","url":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png","contentUrl":"https:\/\/www.bbrown.com\/wp-content\/uploads\/2021\/12\/cropped-BBRetail002-RGBrevs.png","width":1000,"height":136,"caption":"Brown &amp; 
Brown"},"image":{"@id":"https:\/\/www.bbrown.com\/us\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight\/6406","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight"}],"about":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/types\/insight"}],"author":[{"embeddable":true,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/users\/66"}],"version-history":[{"count":0,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight\/6406\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/media\/6407"}],"wp:attachment":[{"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/media?parent=6406"}],"wp:term":[{"taxonomy":"insight_category","embeddable":true,"href":"https:\/\/www.bbrown.com\/us\/wp-json\/wp\/v2\/insight_category?post=6406"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}