Commercial Risk Europe: French market demands clarity on insurability of GDPR fines

08 February 2019

Law experts have urged French authorities to clarify whether fines imposed on companies for falling foul of the General Data Protection Regulation (GDPR) and other regulations can be covered by insurance.

During a workshop on the second day of Les Rencontres de l’AMRAE in Deauville, they said that current legislation in France is far from clear on whether administrative fines can be covered by insurance policies.

The theme has gained traction in France during the past year, especially since the GDPR kicked off in May.

GDPR breaches can result in fines of up to €20m or 4% of annual turnover for companies and their officials. However, unlike in the UK, there is still no indication in France about whether such fines are insurable or not.

“The authority that issues the fine has to decide whether it is insurable or not,” said JérômeKullmann, director of the Institute of Insurance at the Paris Dauphine University.

“In the UK, the ICO [Information Commissioner’s Office] has recently stated that nothing in the GDPR prevents fines from being covered by insurance. That has provided some clarity. In France, ACPR or AMF could, by their own initiative, say whether when they issue a fine, it is insurable or not,” he added.

The ICO oversees compliance with the GDPR in the UK. The ACPR is the Autorité de contrôle prudentiel et de résolution, France’s insurance market supervisor, while the AMF is the Autorité des Marchés Financiers, the country’s securities commission.

Estelle Josso, insurance and prevention director at Hermes International, noted that top managers are increasingly demanding more clarity from risk managers on whether the GPDR and other regulatory fines can be covered by insurance. The answer, however, is not clear at all.

Full article on Commercial Risk (subscription required)


© Commercial Risk Europe