Do I Need A Data Protection Officer To Have Valid Cyber Insurance?

Caeva O'Callaghan | October 18th, 2021


The internet has created a vast number of new roles that need filling in any company. Data Protection Officer is among them – but do you really need one in order for your cyber insurance to be valid?

No. You do not need a data protection officer in order for your cyber insurance to be valid. Anyone can take out cyber insurance, no matter the size of the company or the number of employees.

The most important thing you need when taking out cyber insurance is solid IT security protocols. As long as your passwords are strong and you take measures to ensure you don’t fall foul of hackers, your cyber insurance will protect you.

In this article, we’ll cover the following questions:

Even if you don’t need one, it’s useful to know the daily responsibilities of a data protection officer so you can familiarise yourself with basic internet security practices.

What is a data protection officer?

A Data Protection Officer, or DPO, is someone who oversees a company’s processing of the data belonging to its staff, customers, clients and anybody else. They make sure these activities are carried out in accordance with the relevant data protection laws.

A DPO works within the DPC (Data Protection Commission) framework in Ireland to keep up to date with regulations and help implement any changes. Mainly, they ensure a reliable data protection and risk assessment strategy is in place and maintain compliance with regulations to protect the rights of the people your data belongs to.

A day in the life of a data protection officer will involve many different tasks related to their overall data protection strategy. These may include:

  • Handling data breaches – informing data subjects and the DPO
  • Providing training where needed
  • Reviewing policies and procedures
  • Acting as the main contact point to the DPC
  • Actioning subject access requests

It’s important to note that, whilst a DPO can and will offer advice concerning GDPR compliance, the responsibility ultimately lies with the processor or controller. If your company is found not to comply, it’s the fault of the owner of the company, not the DPO.

Do I need a data protection officer?

DPOs are becoming more essential and more commonplace than ever, but that doesn’t mean every company needs one.

Generally speaking, the more data you handle, the more you’ll need a DPO. If you are a sole trader or small business, it’s unlikely you need a DPO as you or another member of your staff are going to be more able to keep up with the demands of the role as well as your other responsibilities.

However, there are some circumstances in which you are legally obliged to have a data protection officer in place. These are:

  • You are a public authority or body (e.g. schools, hospitals, local governments)
  • Your core activities involve large-scale, regular and systematic monitoring of individuals (e.g. tracking and profiling such as CCTV or monitoring search activity)

If the core activity of your business involves the large-scale processing of special category data, you are legally required to appoint a DPO. Special category data is personal data that belongs in one or more of these categories:

  • Genetic data
  • Trade union membership
  • Health
  • Sexual orientation
  • Race or ethnicity
  • Political opinions
  • Identifying biometric data

If you’re in doubt, we can help advise you if a DPO is necessary for your business and for your cyber insurance.

How can I avoid my business being hacked?

Part of a data protection officer’s duties are working with your cyber security staff and software to ensure a breach never happens.

You should always put solid cyber security measures in place before you buy cyber insurance to avoid the need to claim. Install a good firewall which stops suspicious traffic from entering your systems. Always maintain your subscription and ensure that any patches or updates are installed immediately.

If you give your employees laptops or other devices, make sure this technology is encrypted. This will render the device and the data on the device useless to a thief who steals the physical item.

Ensure you make your staff aware of cyber security threats, and how to avoid them. Employees are vital in the fight against cyber hacking, so you should instruct them never to click on a suspicious email or try and download software from an outside source.

Confused about cyber insurance? Our experts are on hand to help. Contact one of our experts and that will go through the relevant options for your business.

OUR CYBER INSURANCE SPECIALISTS

RACHEL DIXON

CAEVA O'CALLAGHAN

CAROLINE MCARDLE

All Information in this post is accurate as of the date of publishing.