The General Data Protection Regulation (GDPR) strengthens individual data protection to citizens of European Union member countries, and is set to take effect this May. However, GDPR also poses legal risk for insurance customers and businesses — even if they are headquartered in the U.S. or Canada.

GDPR "applies to company that has access to or is processing information" on citizens of EU nations, "regardless of where the organization is located," Terri Mason, CNA Canada's Assistant Vice President of Cyber and Professional Liability, tells Canadian Underwriter.

If a citizen of an EU member nation complains to his or her government about a data breach caused by a Canadian or U.S.-based company, the data protection authority in Europe can reach out to local privacy regulators to enforce the law, which carries fines the greater of 4 percent of annual revenue or 20 million euros.

Continue reading the full article published by Canadian Underwriter.