THE GENERAL DATA PROTECTION REGULATION


THE GENERAL DATA PROTECTION REGULATION: IMPLICATIONS FOR ORGANISATIONS IN THE MIDDLE EAST

The General Data Protection Regulation (GDPR) is a major revision to data protection laws in the EU and has potential implications for companies around the world, including those based in the Middle East. Middle East organisations need to understand whether or not they must comply with the GDPR. Our guide walks you through the key tests to apply in order to establish whether or not the GDPR applies to you. If you need to update your practices to ensure compliance, Norton Rose Fulbright can help. One feature of the GDPR is the strict obligations it imposes on companies with regard to personal data breaches. An AIG CyberEdge policy can assist with the financial and reputational ramifications resulting from a data breach and can ensure your business remains up and running.

GDPR HAS BEEN IN FORCE SINCE 25 MAY 2018

Complying with data protection rules has never been so important. Is your business affected by the GDPR? If so, is it compliant and adequately protected in the event of a data breach?

We're based in the UAE. Why is GDPR relevant to our business?

You may think the General Data Protection Regulation is not relevant to your business. Take our test below to understand whether you must be GDPR compliant. The Regulation protects people's personal data, and this simple guide will help you understand if your business is exposed and how legal advice and insurance can assist in the event of a data breach.

The UAE's diverse mix of local and international companies and its significant trade volumes with the EU make considering the applicable data protection regulations imperative. The EU is a significant trading partner for the UAE. In 2017, it accounted for 12% of the UAE's global trade (imports and exports), worth 52.7bn. (Source: European Union: Trade in goods with United Arab Emirates)

The number of data breaches, and therefore of claims, is growing year on year.

[Chart: Cyber claims growth (%), 2014 to 2017. Source: AIG Cyber Claims Report 2018; AIG Europe, Middle East, Africa]

DOES YOUR COMPANY NEED TO BE COMPLIANT WITH THE GDPR?

Check by answering these simple questions. For more information, please see our Definitions and Guidance section (page 6).

START

1. Does your business process personal data?
   No: GDPR is not directly applicable to your business.
   Yes: go to question 2.

2. Does your business have an establishment in the EU?
   Yes: go to question 3.
   No: go to question 4.

3. Is the processing of personal data in the context of the activities of the establishment?
   Yes: you are required to be GDPR-compliant.
   No: go to question 4.

4. Do you actively offer free or paid-for goods or services to individuals based in the EU?
   Yes: you are required to be GDPR-compliant.
   No: go to question 5.

5. Do you monitor any behaviour of individuals based in the EU?
   Yes: you are required to be GDPR-compliant.
   No: go to question 6.

6. Does the law of any EU member state apply to you by virtue of public international law?
   Yes: you are required to be GDPR-compliant.
   No: GDPR is not directly applicable to your business.

If you need to be GDPR compliant, Norton Rose Fulbright can discuss what this means for your business. An AIG CyberEdge policy can assist with the financial and reputational ramifications resulting from a data breach to ensure that your business remains up and running.

Even if you do not need to be GDPR compliant, you may wish to consider updating your data privacy policies from a best-practice perspective. Norton Rose Fulbright can assist with this.

MOST COMMON BREACHES IN 2017 (%)

- Ransomware: 26%
- Data breach by hackers: 12%
- Other unauthorised access: 11%
- Impersonation fraud: 9%
- Malware/virus: 8%
- Other: 34%

Data breaches put personal information at risk and can damage a company's reputation.

INDUSTRIES MOST AT RISK, 2017 (%)

- Professional services: 18%
- Financial services: 18%
- Retail / wholesale: 12%
- Business services: 10%
- Manufacturing: 10%
- Other: 32%

The risk of falling foul of GDPR is higher for industries that hold sensitive personal and financial information; however, no industry is immune to GDPR exposure.

Source: AIG Cyber Claims Report 2018; AIG Europe, Middle East, Africa

Substantial fines have been introduced under the GDPR:

- For serious breaches: 10m or 2% of total worldwide annual turnover, whichever is the greater
- For very serious breaches: 20m or 4% of total worldwide annual turnover, whichever is the greater

CYBEREDGE - ADD OUR EXPERTISE TO YOURS

GDPR increases the need for effective insurance to protect an organisation and help it take the correct action should a breach occur. A timely response to an attack is critical to minimising its impact.

BREACH COMPONENT / CYBEREDGE RESPONSE

- Breach: Immediate response within 1 hour from claims and breach counsel
- Forensics: Expert forensic support to determine what has been affected and how it can be contained, repaired or restored
- Legal/PR: Expert legal advice and PR consultancy to contain reputational damage
- Notification: Costs of notifying data subjects who may be affected by the breach, and credit monitoring to prevent further losses
- Fines & Investigation: Professional preparation for any investigation, insurable fines, and penalties by a data protection regulator
- Liabilities: Defence costs and damages for: any breach of personal or corporate data; contaminating someone else's data with a virus; theft of system access code; a negligent act or error by an employee

The AIG CyberEdge end-to-end risk management solution, consisting of pre-breach risk management solutions, a broad insurance policy wording and best-in-class incident response services, is designed to help organisations get back to normal operations as soon as possible following a cyber breach or cyber-attack.

END-TO-END RISK MANAGEMENT SOLUTION

From our innovative loss prevention tools providing education and potentially preventing a breach, to the services of our CyberEdge Breach Resolution Team if a breach does occur, insureds receive responsive guidance every step of the way.

Loss Prevention Services:
- Knowledge Training and Compliance Solutions
- IT Security Assessment Services, powered by IBM
- Proactive Shunning Services

Insurance Coverage:
- Third-party loss resulting from a security or data breach
- Direct first-party costs of responding to a breach
- Lost income and operating expense resulting from a security or data breach
- Threats to disclose data or attack a system to extort money
- Online defamation and copyright and trademark infringement

Breach Resolution Team:
- 7/24 guidance, supported by IBM
- Legal and forensics services: KPMG, Norton Rose Fulbright
- Notification, credit and ID monitoring consultation
- Crisis communication experts
- Over 15 years (since 1999) of experience handling cyber-related claims

For more information about our CyberEdge solution, please contact your insurance broker or reach out to one of our cyber underwriters.

DEFINITIONS AND GUIDANCE SECTION

Test: Processing
Source: Article 4 GDPR
Guidance: Processing is very broad and means any operation which is performed on personal data. Processing includes, for example: the collection, storage, use and disclosure of personal data.

Test: Personal Data
Source: Article 4 GDPR
Guidance: Personal data is any information relating to an identified or identifiable individual. This is interpreted broadly under the GDPR. Personal data includes, for example: name, address, passport/ID number, bank account number, gender, ethnic origin, test results. The information a business holds about its employees is personal data.

Test: Establishment
Source: Article 3(1) GDPR; Recital 22 GDPR; Weltimmo (Case C-230/14)
Guidance: An establishment is a stable presence in the EU. This may occur in a variety of ways, for example through a branch, subsidiary or office in an EU country. The European courts have interpreted establishment broadly. One or two employees could be sufficient to constitute an establishment in the EU.

Test: In the context of an establishment
Source: Article 3(1) GDPR; Google Spain (Case C-131/12)
Guidance: EU case law has interpreted this requirement broadly. Google Spain established that a non-EU business processing data is in the context of an EU establishment if the two are inextricably linked. An inextricable link is likely to be found where the non-EU business depends economically on activities conducted in the EU.

Test: Actively offer goods or services
Source: Article 3(2)(a) GDPR; Recital 23 GDPR
Guidance: There must be an intent to draw EU data subjects as customers. This condition is not met by a business merely having a website that can be accessed by individuals in the EU to buy goods. Key factors which can evidence the active offering of goods and services include: the language options, currency options, shipping options and the top-level domain name.

Test: Monitoring
Source: Article 3(2)(b) GDPR; Recital 24 GDPR
Guidance: Monitoring means tracking on the internet, including to predict preferences, behaviours and attitudes or to perform analytics. A common example is the use of cookies that collect data on how individuals interact with your website or their activity on other websites in order to analyse or predict preferences.

Test: Member State applicability
Source: Article 3(3) GDPR; Recital 25 GDPR
Guidance: This is a question of public international law. For example, this will apply in a Member State's diplomatic mission or consular post.

CONTACTS

Adjou Ait Ben Idir
Partner, Norton Rose Fulbright, Dubai
Adjou.AitBenIdir@nortonrosefulbright.com
+971 4 369 6393

Alexander Blom
Head of Broker & Client Engagement, AIG MEA Ltd
Alexander.Blom@AIG.com
+971 (0)4 509 6272

Norton Rose Fulbright is a global law firm. We provide the world's preeminent corporations and financial institutions with a full business law service. We have more than 4000 lawyers and other legal staff based in more than 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, the Middle East and Africa.

Recognized for our industry focus, we are strong across all the key industry sectors: financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and life sciences and healthcare. Through our global risk advisory group, we leverage our industry experience with our knowledge of legal, regulatory, compliance and governance issues to provide our clients with practical solutions to the legal and regulatory risks facing their businesses.

Wherever we are, we operate in accordance with our global business principles of quality, unity and integrity. We aim to provide the highest possible standard of legal service in each of our offices and to maintain that level of quality at every point of contact.

Norton Rose Fulbright Verein, a Swiss verein, helps coordinate the activities of Norton Rose Fulbright members but does not itself provide legal services to clients. Norton Rose Fulbright has offices in more than 50 cities worldwide, including London, Houston, New York, Toronto, Mexico City, Hong Kong, Sydney and Johannesburg. For more information, see nortonrosefulbright.com/legal-notices.

The purpose of this communication is to provide information as to developments in the law. It does not contain a full analysis of the law, nor does it constitute an opinion of any Norton Rose Fulbright entity on the points of law discussed. You must take specific legal advice on any particular matter which concerns you. If you require any advice or further information, please speak to your usual contact at Norton Rose Fulbright.

AIG is the marketing name for the worldwide property-casualty, life and retirement, and general insurance operations of American International Group, Inc. For additional information, please visit our website at www.aig.com. All products and services are written or provided by subsidiaries or affiliates of American International Group, Inc. Products or services may not be available in all countries, and coverage is subject to actual policy language. Non-insurance products and services may be provided by independent third parties. Certain property-casualty coverages may be provided by a surplus lines insurer. Surplus lines insurers do not generally participate in state guaranty funds, and insureds are therefore not protected by such funds.