Tag Archives: data protection

Cyber awareness challenge


How cyber aware are you? Here are some questions that will provide food for thought. The answers are a mixture of fact and judgement.

1. When will the EU Data Protection Regulation start to apply?

A. 25 May 2018
B. 25 March 2017
C. 1 June 2017
2. How quickly do you need to notify a data protection breach to your supervisory authority under the EU Data Protection Regulation?
A. Within 24 hours
B. Within 72 hours
C. It’s voluntary
3. What is the maximum fine a business can face for a breach of the EU Data Protection Regulation?
A. 2% of global turnover
B. 4% of global turnover
C. €20 million
D. €10 million
4. What digital risks are you most concerned about?
A. Theft of personal data
B. Loss of intellectual property
C. Hacks for ransom
5. What is a bitcoin?
A. A euro cent
B. Something left over from your holiday
C. A unit of digital currency
6. How does your organisation cover the cost of cyber risks?
A. Through existing property/casualty policies
B. Stand-alone cyber insurance in addition to existing coverages
C. We don’t think any insurance will make enough difference to a big data breach or hack
7. How satisfied are you with your organisation’s procedures for dealing with data breach and cyber attack?
A. Reasonably satisfied but it needs updating
B. Satisfied, but it can always be improved
C. Something I worry about


  1. A.
  2. B.
  3. B, but all are possible, depending on the circumstances.
  4. Data breach is the most likely but all are possible.
  5. C.
  6. All are possible.
  7. B, hopefully.

All the answers correct? Share and consolidate your knowledge by attending the digital risks roundtable and interactive cyber security workshop at the FERMA Seminar on 4 October.

Most of the answers right: The FERMA Seminar on 4 October is a good place to build your knowledge.

Less than half the answers right: You definitely need to come to the FERMA Seminar digital risks roundtable and workshop on cyber risks on 4 October. Bring a colleague.


Risk Conversation at Board level: 2nd webinar with ecoDa and AIG

The second webinar dedicated to data protection and cybersecurity in our series “Risk Conversation at Board level”

PART I – How to adapt the risk governance to the changing regulatory landscape for personal data?

23 February 2016 from 10:30 – 12:00


Speaker Biographies

The two parts of the webinar are:

Webinar PART I Data Protection – how to adapt the risk governance to the changing regulatory landscape for personal data (Data Protection Officer, breach notifications, sanctions, hosting, transfer and treatment of personal data)?

Webinar PART II Cyber security – managing the consequences. How to identify, assess and mitigate the cyber risks? What should be the level of awareness of the Board? The Insurance part: the US example led by the existing regulations (mandatory breach and IT incident notification…)

The good management of data is now an essential part of the business model of many organisations. But with new dependencies linked to the increased use of external hosting, collection, treatment and transfer of data, it also poses serious legal, IT and strategic challenges.

If it is no longer purely an IT or legal issue, who is required to take the strategic decisions to allocate the right resources (staff and budget)? What role for the Board?

Should data protection be higher on the Board agenda?

How should Board members get the right information on the specific data risks of their organisation to be in a position to decide?

Who will be the interface between the practical concerns and the need for strategic decisions?
Is there a role for the risk manager as the instrument to collect, consolidate and analyse the relevant information related to the data protection and cybersecurity of the organisation?

Cyber insurance market: incentives and improved cybersecurity for organisations

French and British initiatives are taking the role of insurance for cyber risks into account in their national strategy for cybersecurity.

In June 2014, the UK Government launched a joint initiative with some major British insurers to increase the level of IT security in UK companies. Called the Cyber Essentials scheme, it is based on certificates and will ensure that certified organisations have a certain amount of security measures in place. Cyber Essentials has been developed in close consultation with the insurance industry and is backed by AIG, Marsh, Swiss Re, the British Insurance Brokers’ Association (BIBA) and the International Underwriting Association (IUA).

Future Data Protection Regulation for holding private data?

The EU regulator is in the final stages of adopting the Data Protection Regulation, which will set new rules for operators on how private data must be managed.

In March 2014, the European Parliament strengthened several requirements, such as setting the applicable fines for breaching rules at up to €100 million or 5% of annual worldwide turnover (whichever is greater), whereas the original proposal of the European Commission suggested fines of “only” up to €1 million or 2% of annual worldwide turnover.