Where will the main exposure exist for Data Protection Officers (DPOs) and Chief Information Security Officers (CISOs) who are operating as contractors?
We understand that helping a business become compliant with GDPR is not going to be an easy process in most cases. Measured advisory services will be needed to change a company's culture so that it becomes continuously more aware and compliant, while concurrent actions will also be needed, such as improving the documentation of policies and procedures and recommending how to mitigate risk and make systems and controls more robust.
The level of responsibility involved in delivering the above is no doubt very high, and any failure, or indeed alleged failure, to deliver compliance will create a professional indemnity insurance exposure.
Some data protection consultants will be appointed on a non-executive basis. If this occurs, you are accountable to a number of stakeholders and government organisations for making sure that you are fulfilling your duty and acting diligently; you will therefore have a directors' and officers' liability exposure (check that your company has this policy in force and that it covers you).
With the increased use of technology, a 'hack' or security breach can result in a range of losses both to DPOs/CISOs and to the companies they are consulting for. If this occurs, it will lead to a Cyber Liability Insurance exposure.
Other, slightly lower risks also apply, such as damage to property, injury to people, employees falling ill or dying as a result of the actions of the business, and damage to or loss of equipment.
* Note that other risks to your business may apply, and therefore this guide should not be relied upon on its own. If you have any particular concerns that are not addressed above, please contact us to discuss them further.