Beginning on May 25, 2018, the European General Data Protection Regulation (GDPR) will go into effect. Penalties for violating the law include the costs of additional audits plus 20 million euros or 4 percent of the offending companys annual global revenue (whichever is higher) Unlike many standards or regulatory guidance, the GDPR is the first to impose almost unreasonable and overly burdensome fines. Insurance companies may have a bandwidth challenge in having enough manpower to adequately evaluate cyber risk profiles of multinational firms that are now subject to GDRP.”]