Cyber & Data Protection experience
The substantial increase in data breaches and the changing landscape in reporting regulations have led to a heightened awareness of the need for network security and compliant data protection processes. The potential financial and reputational implications of a cyber incident or data breach are a board level concern across all organisations.
Data can be vulnerable to a disgruntled employee, internal accidents and external 'bad actors' - whether state-backed or not.
Our lawyers recognise that clients face different challenges when it comes to insurance and data security. Whether advising insurers or their policyholders we ensure we understand the client's objectives and provide advice tailored to meet those individual needs.
We advise our clients on how they should regularly review and adapt their policies and procedures to ensure they remain compliant with the UK GDPR and Data Protection Act 2018, and other legislation where applicable.
Regulatory / Compliance
We advise clients on compliance with the UK GDPR and EU GDPR and international transfer regulations. We draft privacy policy notices and wordings for use in insurance applications and claim forms particularly where special category data, such as health data, shall be processed.
Policy wording and coverage
We advise on policy wordings and the development of cyber products to respond to market demands, as well as coverage issues. This may be in the context of a traditional insurance policy, affirmative cyber coverage under a non-cyber policy or a standalone cyber policy.
Advisory
We advise on loss management (including the involvement of specialist data security experts) in the event of a data breach or cyber attack, the defence of civil claims and communications with the UK Information Commissioner's Office or the lead supervisory authority.
If you receive a Subject Access Request, data erasure request or (where applicable) a Freedom of Information request we can manage this for you and/or advise you on how to provide a compliant response within the statutory deadlines.
