Expert says no need for Spanish companies to panic over GDPR
The EU’s General Data Protection Regulation (GDPR) that comes into force in May 2018 should not throw Spanish risk managers into panic, because the country already has strict data protection rules, according to Alejandro Ramos, chief information security officer of Spanish telecommunications giant Telefónica.
Mr Ramos told risk managers at the recent Risk Frontiers Madrid conference, hosted by Commercial Risk Europe in partnership with Spanish risk management association Igrea, that the GDPR is important and needs to be complied with. But he pointed out that risk managers and their management colleagues need to take a broader view of data protection and cyber risks in general.
“Regulations in Spain are quite strict on data protection already. The consulting companies are selling this as a big change, but the reality is that it is more moderate in a country like Spain where the rules are quite strict already. My Spanish colleagues across industry are all doing the analysis, but nobody is thinking this will be a difficult situation,” said Mr Ramos.
“The most important thing is to have a strong internal policy and focus on compliance. If you have compliance policies in place, they can be adjusted and focused on specific topics and matters. Remember that the GDPR is not focused on attacking cyber risks. I am not just worried about personal data protection, but I also want to protect my company’s data. GDPR is about personal data, but what if you have not protected your company data?” asked Mr Ramos.
“Clearly the policy has to be broader in scope. Our policy guarantees we have security measures in place whether there is a cyber attack, leak or even printed material stolen. You need a comprehensive policy and not one that simply reacts to regulations. It needs to be more than that,” he added.
Augusto Pérez, president of Igrea and director of insurable risks at Telefónica, is satisfied with the development of the cyber insurance market. “Once a company understands its risk it can find decent coverage,” he said. Mr Pérez believes there is adequate capacity on offer and it is fairly priced.
“The market has moved and developed very well in recent years. A few years ago there was no competition, but now there is five times the number of carriers and options,” he explained.
The Igrea president said there are clearly some gaps in coverage for certain sectors, particularly manufacturing and energy firms that may face exclusions. But his company is able to find cover that meets its needs “very well”, he added.