Aon covers risk of errors and omissions arising from DPO activity
Aon announced, during the II National Meeting of Data Protection and Security Professionals, an exclusive partnership with APDPO (Portuguese DPO Association) through which it will make available to the association's members a new insurance solution aimed at Data Protection Officers and Consultants. This solution, embodied in a professional liability product, was designed to protect the Data Protection Officer (DPO) function from the risks of errors and omissions inherent in the performance of the function, as defined in Article 39 of the General Data Protection Regulation (RGPD).
“DPO functions have been under Portuguese law since August and it is important to safeguard data protection officers from the risks inherent in their activity. Due to error or omission, the costs associated with improper use and treatment of data can be extraordinary for companies. Betting on the training and protection of Data Protection Officers is betting on the competitiveness of companies.”
Tiago Vieira, Executive Director of Aon Portugal
Although demand for this type of product is still small, the penal framework that applies to the DPO when the DPO is found to be at fault for a data breach makes the issue critical for companies.
“There is currently an increase in demand for DPO preparation and training courses, which is a good indicator that companies are aware of this issue. This new solution, in addition to protecting data protection officers, helps to make the function credible and professional.”
Tiago Vieira, Executive Director of Aon Portugal
UK tops fines for non-compliance. In Portugal there is a fine of 400 thousand euros
Company boards are increasingly concerned about data protection and the resulting fines. According to a recent Aon study, the highest fines so far have been recorded in the United Kingdom, with the notification of a 240 million euro fine imposed on British Airways and another 110 million euro fine for the Marriott hotel chain.
In France, a fine of EUR 50 million related to data transparency and consent was imposed by the French Prudential Supervisory and Resolution Authority on a technology multinational. In Portugal, the highest fine imposed by the National Data Protection Commission amounted to 400,000 euros following irregular access to patient data in a hospital.
“Addressing this issue correctly is not just about compliance with the law or the possible associated fines. This theme should be central to the management of corporate reputation and the positive perception of brands in the market.”
Tiago Vieira, Executive Director of Aon Portugal
The existence of the DPO function is not mandatory, but is recommended in all organizations that handle personal or sensitive data. The role of the DPO is provided for in Articles 37, 38 and 39 of the RGPD and should be carried out by someone with the appropriate professional competences, in particular advanced knowledge of data protection and security.