Search Mobile

collapse

already registered?

Please sign in with your existing account details.

Email address

Password

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

Forgotten your password?

collapseSign

Browne Jacobson home

Insurance home

Our expertise

Cyber liability and data security

cyber liability and data security

information-large-server-room

For all commercial clients and especially those operating in the technology field, data security and privacy concerns have become business critical risks.

The General Data Protection Regulation (GDPR), which in May 2018 will supersede the Data Protection Act 1998, will revolutionise data protection and has a potentially huge impact on UK businesses. Organisations breaching the GDPR will face penalties of up to €20 million or 4% of global turnover, whichever is highest.

Our expert team of lawyers understand how the GDPR will impact the insurance sector and work closely with insurers and brokers in the sector to ensure they are handling data in their organisations and complying with the GDPR effectively.

what we do...

Regulatory concerns – we support our clients in all areas of regulatory compliance, from ensuring Draft and review of contracts to data management, including data sharing and marketing activities.
Cyber-crime and hacking – we ensure that advice following a breach is compliant within national and international laws. We can liaise with regulators and law enforcement, undertake reputation management advice, communicate with affected individuals and engage in legal proceedings against a service provider.

Technology E & O – we act for global data companies in respect of privacy implications of their day-to-day operations and development of new technology.
Privacy violations – we advise on regulatory compliance obligations and remedial action. We can take part in training exercises to consider potential scenarios and prepare a robust plan for future breaches.

related resources

Legal updates

Legal and regulatory monthly update - September 2019

The latest update covering delegated authority, insurance product development, the senior insurance managers regime, data protection, operational control frameworks, Lloyds market, and horizon scanning.

View

Legal updates

E-technology: work smarter, not harder

Despite the Jackson reforms attempting to persuade parties to move away from standard disclosure and utilise the menu of options available, reducing the consequential costs of disclosure, there has still been a reluctance to depart from that procedure and make use of the alternative disclosure options available.

View

Legal updates

Enforcement notice issued against council by the ICO due to subject access request backlog

An enforcement notice has been issued by the Information Commissioner’s Office (the ICO) under the Data Protection Act 1998 which requires the London Borough of Lewisham to clear a backlog of subject access requests by 15 October 2018.

View

Legal updates

Complaints, investigations and reviews: data protection issues

Data protection legislation changed on 25 May 2018, with the consequence that the bases on which personal data could be lawfully processed, and the grounds on which personal data could be withheld from the data subject, have been narrowed.

View

View all

what the directories say...

Leading individual for the field of Professional Negligence

Legal 500 2014

recent experience

Advising a financial services business on pursuing an IT supplier for breach of contract and negligence following supplier’s failure to properly and securely decommission old IT assets following a wholesale upgrade.
Advising a global brand on cyber security following the hacking of its customer database. The advice covered compliance with UK, Irish and German data protection laws, engagement with regulators and law enforcement, reputation management, communications with affected individuals and legal proceedings against its service provider.
Advising a high-profile public body in relation to an investigation and enforcement action by the Information Commissioner following the failure of a contractor to properly secure an online claim system. The advice included negotiating the terms of a public undertaking.
Advising a major multinational insurance company on the strategic and practical aspects of an international transfer of employee data across over 27 jurisdictions.
Advising an on-line financial services business facing a significant monetary penalty from the Information Commissioner’s Office for alleged breach of privacy regulations.
Advising Barclays on the integration of customer databases following the acquisition of businesses. The advice covered issues including marketing consents and compliance with data protection and privacy regulations.
Advising insurer clients on the implications of the EU data protection regime on the marketing aspects of partnership arrangements.
Developing a contractual data transfer solution for a global fraud and risk advisory business to permit the free flow of personal data between Europe, Asia and North and South America.
Reviewing the results of an international specialist insurer’s internal data protection audit.
Supporting a high-profile global business, headquartered in London, in its lobbying on the GDPR both to UK parliamentarians and to Members of the European Parliament.
Undertaking an audit of online activity by the employees of a global brand to identify misuse of systems and potential criminal offences.