GDPR Cyber Insurance Checklist

EU cyber insurance questions often start with GDPR exposure, but the review should not stop there. AI use, vendors, data transfers, incident response, ransomware controls, and policy wording can all affect whether a cyber event is cleanly covered.

Checklist before renewal

• Identify categories of personal data, sensitive data, record counts, countries, and systems involved.
• Review vendors, processors, cloud providers, AI tools, and contract indemnities.
• Check breach notification, incident response, legal, forensics, PR, restoration, and business interruption wording.
• Review exclusions for war, infrastructure failure, prior-known events, wrongful collection, and AI-related decision errors.
• Map where cyber, technology E&O, professional liability, crime, D&O, and media liability might overlap.

ToolDox workflow

Start with the AI Insurance Gap Mapper, estimate broader exposure with the Risk Exposure Estimator, and prepare renewal materials with the Submission Readiness Score.