Have $57 million (or more) to spare? You’re going to need it if you run afoul of the EU’s General Data Protection Regulation (GDPR) without cyber insurance.
In late January 2019, the French data protection authority, CNIL, imposed a fine of €50 million—or roughly $57 million—on Google for violations of the GDPR. The fine is the largest imposed to date under the GDPR, since it came into effect in May 2018. The Google fine highlights a couple of things: the GDPR has teeth, and regulators in the EU won’t hesitate to enforce the regulation. Possibly more frightening to companies subject to the GDPR is that the fine was not imposed because of any data breach or disclosure of sensitive information but, rather, on account of Google’s ordinary data privacy practices.