The pain of GDPR compliance and the long term effects

Posted 7 September, 2018


GDPR has no exemptions that the organisations I work with can rely on. Perhaps for the first time with data, we are all in it together.

The challenges facing organisations trying to comply are magnified by the amount of “fake news” surrounding it. I haven’t been surprised by the feeding frenzy from those trying to cash in yet I am somewhat alarmed by the number of “experts” on this untried legislation. I understood that it took 10,000 hours to become an expert in something and I’m wondering how the experts managed that. C’est la vie.

What truly concerns me is that this is a massive cultural change and I fear that the policies being written and disseminated are not going to empower the people that need to deal with data on a daily basis. During my 29 years in the field of risk, insurance and business continuity I have seen many issues that could have been avoided by educating people. Yet it seems that policies are written to ensure employment or contracts can be terminated rather than actually encouraging people to comply. I realise that this is partly due to legal precedent yet motivating people by fear is far weaker than motivating them by other means.

Having listened to many people and taken in copious amounts of information, I think that the feeding frenzy has prevented people from understanding the “mission” of the data regulators. They want organisations to be careful with data and respect the wishes and privacy of people like you and me. It is not a lot to ask yet achieving that aim is undoubtedly awkward. It is a lot less awkward if the culture of an organisation recognises this.

I have this awful nagging doubt that people will not be motivated to do the right data thing if they are told off or disciplined when they make mistakes. I’ve seen many policies that tell people what to do yet they are rarely allied with the cultural piece. Even rarer is the right level of education and reinforcement that motivates.

The deadline will come and go yet the mission of the regulator is not going to be achieved if the culture of blame continues to be the most pervasive in organisations. One issue that no-one seems to have thought about is the way salespeople treat data. Arguments over who owns it are regular, especially with the advance of online networks. Roughly 50% of people take data with them when they leave one organisation for another. There are at least two companies in breach when this happens and the individual has broken the law. It is theft after all.

The existing regulations state that this shouldn’t happen yet half of the population think it’s OK to take it when they really know that they shouldn’t. It could be argued that the policies that discipline people have worked because they have stopped the other half from doing this. Yet half is not enough. It should be a single digit number, at the very worst.

So policies and procedures are not working now. New ones will not change that if they don’t address the cultural side of human behaviour.

What can be done?

A new type of policy is required. Naturally, it should start at the top of an organisation. It should motivate people to change the way they think about data. It should be readable, not shrouded in jargon. It should reward people for doing the right thing. It should be something that everyone is reminded about. But not “beaten up” over.


Jason Cobine is an Insurance broker in London who works with businesses and charities. He has built a business from scratch, without pilfering data so he knows how hard it is. Yet it was a cultural decision that has been proved to be correct.



The GDPR is coming. Time to sit down, relax and take stock

Posted 3 May, 2018

This article is about the feeding frenzy taking place, how to avoid it and what to look out for in the run up to GDPR lift off.


Welcome back, or if you’re new here sign up to our orange RSS button to the top right of this page to receive insurance tips, new posts, plus details of events and promotions that could help you or your network reduce the risks facing their organisation.


The vultures have been circling for some time now.


Plenty of people are putting the frighteners on good people that just want to survive the supposed relentlessness of heavily armed Data Commissioners issuing fines aplenty. Which will not actually happen. The ICO simply haven’t got enough resources to do that. Much like other agencies that are not for profit.


Speaking of which, it is those that are for profit that we need to be wary of. I’ve received several updated contracts from insurance companies dictating how data issues need to be resolved. My first piece of advice is to establish what your partners expect of you because, whilst the data commissioner might give you 72 hours to report certain types of breach, I am now contractually bound to give others 24 hours’ notice. Probably because they want the lion’s share of the deadline to get themselves ready. They also insist on certain types of data security and issue tight deadlines on “data subject access requests”. Cheeky but true.


So have you read all your contracts recently?


At least some of our partners are decent enough to tell us they’re being updated. Other contracts, like insurance policies, already cater for the change with clever wording. Where it states that they expect you to be complying with the law it actually means that as soon as the law changes, you have to be compliant with the new one. They don’t need to wait for the renewal of a contract to make you keep up with legislation. They’ve already taken care of it.


Are you going to read all your supplier or partner contracts? Probably not. Who has the time? I hear you sigh! Keep these in mind when you are changing your policies that are affected by GDPR. There might be a clash. You might want to notify them within 72 hours, yet they might stipulate immediately. Forewarned is forearmed and I don’t think fines are going to cause the biggest headache. I think it will be interruptions to business and loss of reputation and/or clients.


Government crack the whip


I have a feeling that the government announcement last week, that it would try and reduce the compensation culture by cracking down (again) on so-called “whiplash” claims, might fuel the class action culture that Morrisons supermarkets find themselves subject to. There are a lot of companies that rely on that revenue stream (it’s in the billions) and they will switch to the next as quickly as they went from PPI to holiday sickness claims. And PPI is coming to an end.


Wrap Up: We’re not overly concerned about the deadlines imposed by our supply chain because we have the resources to cope with them. Yet we’re very pleased we know what they are because a data breach causes enough confusion on its own.


Top Tip: Once you’ve assessed your position, review your contracts to see what else you might need to weave in. This is a once-in-20-year opportunity to engage with your stakeholders. Done well, it will build trust regarding data and how you want to keep it safe. That trust is gold dust in the current climate.


Insurer’s blind eye leaves business owners vulnerable

Posted 12 October, 2012

This article looks at why it’s vital for companies to protect their reputation. Employee accusations can really hurt, especially if word spreads that you’ve acted immorally, just because someone is being vindictive.


Who protects the boss?


It’s a real nightmare for business owners when employees get upset. Business is Business yet allegations of discrimination or mistreatment can be quite frightening. This is especially so if word were to get out that a business acted questionably or immorally, simply because someone is disgruntled or being vindictive.

Rumours can easily reach clients, and frequently do, so we often help business people who want to nip these issues in the bud. They reduce the chances of unexpected legal costs, by asking us to help them reduce the impact, if malicious rumours are being spread about them. This is a sensible approach, that proves extremely cost effective, should it ever happen.

Does it always work?


Usually it does… yet recently I found an insurance company who wasn’t providing the cover I expected. I was discussing the merits of a policy with the company that issued it. When I congratulated them on having more generous cover than their competitors they seemed surprised.

They went on to look into the policy, and informed me that their generosity was a typo and the cover they mentioned didn’t apply. This was a real shame because I had already mentioned it to my client. Of course I had to withdraw my recommendation.

What about those that have already invested in this protection?


I pushed a bit further and decided to enquire, “What are you going to tell those that have already purchased this cover?” Nothing, they told me. “Not even at renewal?” Nope, they said.

So there are now businesses up and down the UK whose insurer knows their contract might be inadequate yet their insurer doesn’t care. Regrettably, this is quite often the case. I’ve reported to the FSA and I’ll let you know how I get on if they ever answer my letter.

Wrap up: Insurance companies have very little idea about customer service because they don’t deal direct with business people.

Top tip: At least annually, you should aim to review the risks to your business assets and business income, and think about what could cause damage to your reputation too.

Who to share this with: Managing Directors, Business Owners & Human Resources specialists.


Solicitors’ “silly season” is not so silly

Posted 20 August, 2012

Silly season is upon us and the PI renewal scramble has already started. Yet it isn’t so mad this year. Read on to find out if that is because of the ABSs, the SRA or insurers.


Rates Are Down

Could it be that insurance companies are being more amenable because there are now fewer firms looking for specialist solicitors indemnity? Their market is shrinking. Perhaps firms set up as ABSs have found a better way of meeting SRA requirements? Perhaps new regulations for COLPs and COFAs have led to fewer claims.

It’s more likely that the new entrants into this specialist market have increased competition. This could lead to short term gains and long term pains, like Quinn.

Are New Entrants Good News?

There is a certain amount of irony here. Over the last few years insurance companies have not accepted proposals from solicitors with shaky finances. Yet solicitors will accept quotations from insurance companies they’ve never heard of, with claims departments that may as well be in Timbuktu.

Solicitors seem happy to rely on the fact that SRA approved the new entrants, and brokers are happy to offer the quotations if it secures them a client or renewal.

Memories must be extremely short because the SRA approved Quinn too, and brokers continued to offer Quinn quotations days before they went bust.

Dig A Little Deeper

It’s a good time for solicitors to take their pick from the available insurance companies. I can still see the logic in getting the best rates, reducing costs and ticking the SRA box.

Now the market is competitive again it would be prudent to delve a little deeper into insurance company service. Does the policy provide the right cover – yes. Will you get assistance from the claims department – probably. Will the way the claim is handled meet your expectations… who knows!

Wrap up: COLPs and COFAs – love the role or hate it, they are the people that can implement lessons that businesses have learnt and solicitors have been deprived of. The identification of near misses and risks that solicitors were previously unaware of will help practices evolve profitably.

Top tip: COLPs and COFAs can reduce costs and increase profits. Undertaking the role properly will mean both can be achieved independently of each other.

Who to share this with: Managing Partners, COLPs and COFAs.


What is the dirty little secret of Insurance? part II

Posted 12 April, 2012

I’ve previously posted how your legal expenses cover probably allows you to take action against anyone except your insurance company. The second in this series moves us all towards the sticky wicket of Health & Safety. This week I write about why legislation is a prerequisite to getting claims paid, why insurers don’t make it clear that this is part of the insurance contract and how it is kept a secret.

Read Insurance’s dirty little secret – part I



Why do insurers do this?

They are businesses. The fewer claims they pay the more their shareholders receive. However, they also need to attract customers, and cynically hiding the worst parts of their products and service allows them to do so. They make the cover out to be wide (using terms like comprehensive or all risks) yet the exclusions seem little (fine print).

They will decline the claim of one company on the same day as they accept the proposal of another (almost) identical company. Both companies will have similar risks yet insurance companies know MDs and FDs would not buy from them if they weren’t going to get an ROI. So they “sell” the benefits and make sure they have room to wriggle in their policy documents. You might only see the detail after you have parted with your premium.


Why is it dirty?

Legislation changes all the time and it’s difficult to keep up with it. Insurers know that businesses struggle, so they provide practical help to the top tier of their clients or those that are extremely high risk. That’s because losses suffered by some businesses are huge and it’s incredibly bad PR for an insurer to decline a ‘front page’ claim.

Brokers know this too.  In a world where every premium increased every year most brokers would be happy. I meet lots of business people who are unaware of important terms and conditions. When a claim is refused or reduced the broker often blames the insurer. Sometimes they charge a client more to move to a different insurance company.


How is it kept secret?

The clause that catches most people out is in nearly every policy. It doesn’t even mention Health & Safety – it’s that ambiguous. It’s not even highlighted in the ‘key facts’ documents that the FSA insist make insurance buying clearer.

I know FDs that have checked insurance for years and never understood what this clause really meant. In black and white: if you are not following every piece of legislation current today you may find that a loss that happens tomorrow is not insured. And if they do pay it you might find your premium increases without a satisfactory explanation.


Wrap up: Are you keeping up with legislation? Insurers expect you to do your bit before they do theirs. An insurance policy isn’t a guarantee. Insurers are obliged to pay out when terms and conditions of the policy (insurance contract) have been met.


See our top tips section for simple ways to help yourself today.


What is the dirty little secret of Insurance?

Posted 1 November, 2011

There are hidden clauses that loom large in policy documents and some are more sinister than others. Here I explain what the secret is, why it is dirty and how it’s still a secret.


What is insurance companies’ dirty little secret?

The insurance market has a reputation of escaping from legal contracts using small print.

When businesses have a dispute they often seek legal recourse. The complainant will sometimes have insurance to cover such disputes. They ask their insurer to cover the cost of taking action yet policies prevent insurance buyers from taking action against insurance companies. Not much help if an insurance company has refused to honour the policy they issued.

Insurers do not make this clear. It’s difficult enough when commercial disputes arise; it’s galling to find that you have been given a false impression by the people you had invested in. Insurers paying claims want to reduce the most obvious or exclude them. It’s unfair when the exclusion prevents you taking action against a supplier that has obviously got something wrong – as is often the case when claims are badly handled. But for insurance companies to close ranks in this manner, that’s pretty low. Whatever their reasons.

Why is it dirty?

Because it’s industry wide, it’s tantamount to a cartel. Have all insurers secretly agreed that they will support claims against any industry except their own? If not, why hasn’t an entrepreneurial insurer stuck their head above the parapet and issued a policy that covers taking such an action?

Insurance disputes are common and it’s not always the broker that makes a mistake. Insurers are often culpable yet it costs almost £20,000 to take action against them. That is bad for UK business. Of course, it could be down to the fact that the insurance actuaries have worked out that insurers nearly always win cases. I suspect this is because complainants often run out of money to fund their legal case. If I’m right the figures will always be skewed.

Why is it a secret?

I doubt if insurance companies place this exclusion at the back of their policies by accident. It’s not front and centre as you would expect such a sweeping exclusion to be.

There are other secrets in policies that are difficult to unearth and comprehend. Yet the dirty little secret of not allowing your clients to take action against your competition is the most sinister show stopper.

Wrap up: Insurance companies do not pay claims when the insurance contract between them and their policyholder has been breached. If they refuse to pay a seemingly valid claim policyholders need to dig deep to ensure they get what is due to them. 

Top Tip: Spend time assessing the key risk to your business and make sure you understand your insurance policies which are legally binding contracts. Make sure that important contracts and agreements are not excluded from your policies.
