New ICO Guidance to Help You Market Under the GDPR

This past December, the Information Commissioner’s Office (ICO) updated its existing General Data Protection Regulation (GDPR) consent guidance to include the new Article 29 Working Party (Art. 29 WP) clarifications. The Art. 29 WP is an advisory body made up of representatives from the data protection authority of each EU member state, the European Data Protection Supervisor and the European Commission. The Art. 29 WP published its consent guidance to clarify GDPR consent and make it easier to comply.

Even though the GDPR will come into force on 25 May, the ICO’s consent guidance may yet again change as Parliament works on enshrining the GDPR into UK law in the form of the Data Protection Bill. What’s more, while the guidance introduced by Art. 29 WP is not radically different, your organisation must stay abreast of any new adjustments to ensure compliance. If your organisation collects any personal data, your consent must meet the following GDPR standards:

• Unbundled—Consent requests must be separate from other terms and conditions, and should not be a precondition of signing up for a service.
• Active opt-in—You cannot use pre-ticked opt-in boxes.
• Granular—Provide options to individuals to consent to different types of processing.
• Named—Provide the name of your organisation and any third parties that will be relying on their consent.
• Documented—Keep records that demonstrate what the individual has consented to, what they were told, and when and how they consented.
• Easy to withdraw—Inform individuals that they have the right to withdraw their consent at any time and explain how to do that.
• No imbalance in the relationship—Consent will not be freely given if there is an imbalance in the relationship between the individual and your organisation.

For more information on protecting your organisation with vital cyber-insurance and ensuring continued GDPR compliance, contact Direct Insurance London Market and ask for a copy of our in-depth checklist on obtaining consent under the GDPR or visit

Managing Risks for Directors and Officers

Every decision that directors and officers (D&O) of a company make has the potential to be scrutinised by clients, employees, shareholders and peers. These stakeholders may pursue legal action if they believe a decision adversely affects their best interests. And the stakes are high—directors and officers risk losing their personal assets if they are ever involved in legal action for a decision made in the course of performing their regular duties.

As a business owner, it is vital to have the proper risk management in place so you can attract talented directors and officers to your company. Consider tweaking the following three aspects of your business to boost your D&O risk management strategies
Corporate Structure

Prior to hiring a new director or officer, review your corporate structure to make sure your practices are sound and secure. Focus your review on the following:

• Employee orientation, training and education – Examine the type of training and education you are providing employees and gauge whether it is enough or whether more is needed. Review any incidents that have occurred in the past due to lack of training and talk to employees to get their feedback on the amount or type of training they receive. Also, make sure your managers are completely aware of any compulsory legislation and regulations your company must follow.

• Internal policies – Do your policies clearly state your ethical standards and what is expected of employees? Legal procedures should be outlined within each policy so employees are aware of the guidelines.

• Liabilities – Review potential liabilities in all areas of the company and the amount of risk each liability poses. This includes reviewing the amount of decision-making power each employee wields. In some cases, your directors and officers may have to rely on information from these employees if they do not have the time to extensively research the details themselves before making a decision. The employees that are tasked with gathering this important information for your managers need to be reliable.

Indemnification Provisions
While reviewing your business’ corporate structure, it is also a good time to take a look at the indemnification clauses in your by-laws or articles of association. Offered by many companies, indemnification clauses allow an organisation to compensate a director or officer for losses incurred while defending against a D&O lawsuit. It is important to review your clauses if you have not done so in years because the language may no longer be clear and you may need to revise or add to the language.

The expenses your executives may incur in a D&O lawsuit can be compensated on either a discretionary or mandatory basis. With discretionary indemnification, companies have no obligation to reimburse expenses, although they can do so if they wish. Reimbursement is decided on a case-by-case basis. With mandatory indemnification, businesses are obligated to reimburse all directors and officers for expenses incurred as long as the legal action against them is defended successfully. Determining which is better for your business (mandatory or discretionary) means you must consider your company’s appetite for risk as well as the type of director or officer you want to attract.

Keep in mind that there are exceptions to the indemnification provisions. If legal action is brought against a director or officer by a shareholder, he or she cannot be reimbursed for any expenses because essentially the company would be paying itself. Also, if the company were to become insolvent, it no longer has the obligation to uphold the indemnification provisions.

D&O Insurance
Public liability and products liability policies do not cover the cost of D&O legal actions. Settling these legal actions—even if the director or officer is found innocent—can be costly and bankrupt a company or individual. Many companies choose to purchase D&O insurance to protect their executives from legal expenses and personal liability exposures not covered by indemnification.

Assess the D&O policy you have in place and review the policy terms to make sure your limits are high enough to cover legal action against your directors and officers. Also, pay attention to exclusions in your policy, as lawsuits stemming from employment practice are usually not covered. You can count on the insurance professionals at Direct Insurance London Market for the resources and expertise you need to purchase a new D&O policy or update your existing policy today.

To learn more about what we do simply visit or get in touch with our team today (0) 20 3818 8060.