Our insurance brokers’ approach to risk management solutions helps you to achieve the right level of insurance cover.
Choosing Gallagher gives you access to local expertise backed by international experience that will help protect your business and let you focus on what you do best.
View our expertiseOur insurance brokers’ approach to risk management solutions helps you to achieve the right level of insurance cover.
view our broker servicesOur insurance brokers’ approach to risk management solutions helps you to achieve the right level of insurance cover.
Our experts can give you the advice you need across a variety of different services.
View our servicesWe take the time to get to know your business and our specialists have expertise in all industries. We then tailor insurance and risk management advice and solutions to match your specific needs.
CONNECT WITH AN EXPERTFind out the latest information and research from our experts to help keep your business safe.
View allIn the Business Insurance & Risk Market Update H1 2022 report, our experts provide market insights and offer guidance to help you ensure your business has the right protections in place.
Get the reportFor more than 90 years, we’ve helped businesses face their future with confidence. Hear more about our story and how our experience can help you.
View allThe world is watching the first European Union General Data Protection Regulation (GDPR) action against a non-EU company – a test case with global implications.The business in question is AggregateIQ, a small Canadian company specialising in social media advertising, which is accused of using data from United Kingdom and European citizens for politically related advertising.
AggregateIQ was engaged by supporters of Vote Leave, the 2016 Brexit referendum campaign that persuaded UK voters to poll in favour of leaving the European Union. It is alleged to be linked to Cambridge Analytica, the organisation accused of using Facebook data to promote Donald Trump’s 2016 presidential campaign.
At present the United Kingdom GDPR authority, the Information Commissioner’s Office (ICO), has simply ordered AggregateIQ to desist from processing the personal data of UK or EU citizens, obtained by any means, for the purposes of data analytics, political campaigning or any advertising.
AggregateIQ has indicated it will appeal against this enforcement order, which carries infringement penalties of up to €20 million, or 4% of its worldwide revenue, whichever is greater.
“If the case against AggregateIQ is successful, clients who don’t have operations in the EU but do have connections to the data of EU citizens will be exposed to prosecution under the strict GDPR legislation, greatly increasing their responsibilities and risks,” warns Gallagher cyber specialist, Product Manager Travis Gauci.
“In response to this exposure Gallagher has been working with clients with international operations to navigate the increasingly complex exposures associated with privacy and cyber security.”
The ICO maintains that AggregateIQ was provided with UK citizens’ personal data as part of its work on the Brexit campaign; data which was then used to target these individuals with political advertising through their preferred social media platforms.
United States law firm Saul Ewing Arnstein & Lehr has published a legal analysis of the basis of the case.
The ICO claims AggregateIQ violated 5 GDPR provisions.
The ICO maintains that AggregateIQ violated these provisions by
The case will test the actual scope of the GDPR in practice and has significant implications for countries outside of the EU.
“This example brings into focus the responsibility for ALL businesses to understand what data they hold, what is being done with it and what legal requirements they are subject to,” Gauci says.
“The financial and reputational consequences of ignoring this can be catastrophic for many businesses, which is why cyber insurance is increasingly being seen as a mandatory purchase as part of a risk management and insurance program.”
If you are concerned about how the GDPR could potentially impact your business or have any other questions around your cyber risk and insurance contact our specialist team of cyber insurance brokers who will be able to help you understand the legislation further.
Download your free guide to developing a data breach response plan here.