The growth in the market for specialist data risk insurance will continue if proposed changes to rules governing the international transfer of personal information are implemented, an expert has said. There is ongoing debate over proposed reforms to the EU’s existing data protection law framework ever since the European Commission outlined formal proposals on the issue in January 2012. The Commission set out a draft General Data Protection Regulation which would establish a single data protection law that would apply across all 27 EU member states and to companies that wish to process the personal data of EU citizens. MEP Jan Philipp Albrecht’s recent report on the Commission’s draft regulation suggests companies seeking to process data in countries outside of the European Economic Area that have not been designated as meeting EU standards should have to provide “financial indemnification” to individuals for data breaches. The need for insurance products “to transfer risk for the data processor or controller has grown,” said Ian Birdsey, an insurance law and data risk specialist. “While a standard professional indemnity policy may have been considered adequate five years ago, both companies and insurers have appreciated the need for specialist insurance products dealing with the myriad data risks.”
