As the concept of leasing as a service continues its growth trajectory, a new type of insurance could step in to fill the gap opened up by potential regulatory fnes of £250,000 and upwards after 25 May, writes Brian Cantwell.

With the incoming General beginning on 25 May, the leasing market is dangerously exposed, argues a report from data protection consultancy Data Guardsman.

Te Information Commissioners Office (ICO) requires all businesses in the UK to be registered with it, and at the moment only 9% of the 5.4 million businesses, 480,000,  have registered in the UK.

“The lack of registrations with the Information Commissioner, the first step towards lawfully being able to collect, hold, share and use personal information of business or private customers, is a fair reflection of the degree of non-compliance generally amongst UK business with the data rules,” said the report.

“Lack of registration equals unlawful or criminal collection of personal information.”

The argument goes that non-registration with the ICO by lessees could mean a breach of contract for lessors, at least with regard to leasing agreements. And here is the hook for leasing companies and their lessees. There is legal precedent for the need to register:
Google v Vidal-Hall and others (March 2015), which states that every customer of non-registered businesses can automatically claim against those businesses.

The legal precedent could trigger liabilities under the provisions, contingent liabilities and contingent assets section of the International Accounting Standard (37).

The report also estimates that a business with 500 clients could be liable for a fine
of £250,000 from the ICO – all in all, a considerable risk to a leasing business with a lot of SMEs on its books and more on the way.

There are wide ranges of business types to which lessors might lend that come under
the watch of the ICO, from accountancy and auditing, to trading and pensions Administration.

And Leasing Life understands that the threat to businesses for data protection is
also physical as well as digital. The threats to data and fines from the ICO can be elicited
irrespective of whether the data is stolen online, or through a physical break-in to
business premises.

Data Guardsman suggests that the options available to lenders are:
• Create additional provisions on their balance sheets;
• Risk-manage all their borrowers;
• Require all borrowers to provide demonstrable proof of compliance with the Data Protection Act and GDPR before lending, which will mean little will be advanced;
• Provide borrowers with a DPA/GDPR compliance solution to avoid additional provisions and risk management, while providing proof of compliance.

Essentially, leasing as a service has grown as a product line in the leasing market. The provision of a solution in the same manner as asset finance insurance allows lenders to
handle the situation proactively, while also giving customers access to a valuable tool that they need.

With the same logic, with these threats to lenders and lessees, lessors could see insurance for data protection as a good hedging against a very wide and varied SME customer base.