Yes, cyber policies cover a wide range of financial impacts on a company arising from non-compliance with GDPR and data breach notification obligations under GDPR. Covered costs include: defence of regulatory actions and investigations, costs to investigate the breach quickly to understand what happened, notification to affected individuals, communication with regulatory authorities through legal counsel, and defence of lawsuits brought by individuals under GDPR.
The GDPR allows regulators to issue fines of up to €20,000,000 or 4% of the company’s global turnover (whichever is greater), and a cyber policy would also cover these fines, but only where insurable by law. The question of insurability under various laws is a developing legal issue. GDPR cover does vary, so companies should check that they understand exactly what is covered under their particular policy.