The AON Report set out below gives an interesting overview of the potential insurability of fines under GDPR across Europe.
From a German perspective (which I think holds true for a number of jurisdictions) this discussion deserves more attention and, perhaps, also a bit more innovative thinking than the black-or-white solutions currently often put forward.
That may apply not only in respect of the underlying degree of fault but also with regard to the person who is responsible for the wrongdoing. My personal view is that it can make a difference, also from a public policy perspective, whether that is a director/board member or an ordinary employee.
Moreover, the discussion is of course not only relevant in view of the new GDPR but also in many other fields, not least anti-trust.
And finally, another much-discussed aspect is whether a fined company can turn around and seek recourse against its directors in respect of a fine. This is currently much discussed, especially in the German Railway Cartel case, but has also been addressed by Safeway v Twigger in the UK. For companies and their insurers, these questions are indeed of utmost significance for their risk exposure and management.
The price of data security

The potential financial impact of the General Data Protection Regulation (GDPR) has generated concern across organisations globally. It is important for you to be aware of how the insurability of fines, legal and other costs and liabilities following a data breach is approached in different jurisdictions. GDPR fines can reach up to €20 million or, if higher, up to 4% of a group's annual global turnover.