News Release

May 2018

Aon and DLA Piper review insurability of GDPR fines across Europe

LONDON (16 May, 2018) - Aon (NYSE:AON) and DLA Piper have launched a guide, ‘The price of data security’, ahead of the General Data Protection Regulation (GDPR), effective from 25 May 2018.

The guide reviews the insurability of GDPR fines across Europe, which can reach up to €20 million or, if higher, up to 4% of a group's annual global turnover. It also looks at insurability of costs associated with GDPR non-compliance (e.g. litigation, investigation and compensation), as well as the insurability of non-GDPR regulatory fines.

The guide highlights that there are currently only a few jurisdictions in Europe where civil fines can be covered by insurance and, even then, there must be no deliberate wrongdoing or gross negligence on the part of the insured. Criminal penalties are almost never insurable. GDPR administrative fines are civil in nature, but the GDPR also allows European Member States to impose their own penalties for personal data violations.

Key findings include:

  • GDPR fines were found to be insurable in only two of the countries reviewed – Finland and Norway;
  • In 20 out of 30 reviewed jurisdictions GDPR fines would generally not be regarded as insurable, including the UK, France, Italy and Spain;
  • In eight of the jurisdictions it is unclear whether GDPR fines would be insurable. In these jurisdictions specific details around individual cases, for example the conduct of the insured and whether the fine is classed as criminal, will need to be considered.

Whilst the insurability of GDPR fines may be limited, insurance forms a key component of an organisation’s risk management strategy to manage costs associated with GDPR non-compliance and resulting business disruption losses. Such costs could include legal fees and litigation, regulatory investigation, remediation and other costs associated with compensation and notification to impacted data subjects.

Vanessa Leemans, Chief Commercial Officer, Aon Cyber Solutions EMEA says, “GDPR will expose organisations to significantly higher risks related to how they manage and store personal data. Data breaches, and other cyber events, could see businesses face both major fines and extensive costs. It is therefore essential that organisations fully understand where their exposures lie. They should work closely with their insurance partners to ensure they have an appropriate risk transfer solution and incident response plan in place.”

Organisations may also face damage to both their reputation and market position if impacted by a high-profile data breach.

Prakash (PK) Paran, Partner and Co-Chair, Global Insurance Sector at DLA Piper added, "While there are only a few jurisdictions where GDPR fines are insurable, insurance against legal costs and liabilities following a data breach is widely available across Europe and may provide valuable cover to organisations. However, corporate groups still need to consider reputational damage and impact on existing customers, the wider market, and their relationships with regulators, all of which may go beyond quantifiable financial losses. Prevention is better than the cure."

To download the full report ‘The price of data security: A guide to the insurability of GDPR fines across Europe’ please visit Aon’s website.


About Aon
Aon plc (NYSE:AON) is a leading global professional services firm providing a broad range of risk, retirement and health solutions. Our 50,000 colleagues in 120 countries empower results for clients by using proprietary data and analytics to deliver insights that reduce volatility and improve performance.

About DLA Piper
DLA Piper is a global law firm located in more than 40 countries throughout Africa, the Americas, Asia Pacific, Europe and the Middle East, positioning it to help companies with their legal needs anywhere in the world. For further information on DLA Piper, visit our website www.dlapiper.com

This publication is intended as a general overview and discussion of the subjects dealt with, and does not create a lawyer-client relationship. It is not intended to be, and should not be used as, a substitute for taking legal advice in any specific situation. DLA Piper will accept no responsibility for any actions taken or not taken on the basis of this publication. This may qualify as “Lawyer Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.

