Banks and other financial institutions are used to tackling constant threats to the data they hold, many of them arising from lapses in data security. The rising rate of cyber attacks and hacking campaigns has made banks re-evaluate their security measures to guard the data they store against external attack.
The General Data Protection Regulation (GDPR), devised by the European Union and soon to come into force, sets higher protection standards and obliges professionals to keep a closer eye on data security. The aim is to reduce banks' exposure to cyber attack, given that they store massive amounts of personal data and complete a sizable portion of their customer transactions using digital technology.
Financial institutions can deliver a more individualised range of services when they hold more personal data about their customers. In parallel, customers are offered better facilities: faster service, easier payments and access to a wide range of products through digital channels. Banks must therefore have the capacity and technical infrastructure to protect that data. The introduction of GDPR brings a raft of changes to the current data protection rules. The new law introduces a new system of penalties and fines for data violations. Additionally, it gives customers more control over their personal information, so that they can stop it being used for commercial purposes, including marketing.
GDPR requires banks to have a lawful basis, such as the customer's explicit consent, before they can use personal data, and customers may lodge a complaint with the supervisory authority if their data is misused. Financial institutions that do not adhere to the regulation could face a penalty of up to €20m or 4% of annual worldwide turnover, whichever figure is higher. In 2015, British companies paid financial penalties worth £880,500 for data protection breaches. Under GDPR that amount could be as much as 70 times higher, approximately £61m.
Delayed alerts to customers following a data breach make a financial institution look inexperienced and unprofessional. Banks have typically prioritised preventive measures over improving the resilience of their systems and their ability to respond. Companies that have handled data breaches poorly have previously seen revenue fall, lost customers and, in some cases, had board members forced to resign. GDPR requires a breach to be reported to the supervisory authority within 72 hours of the institution becoming aware of it, and affected customers to be informed without undue delay where the breach is likely to put them at high risk.
Financial institutions that do not have adequate response measures in place by 25 May 2018, when GDPR takes effect, will face severe penalties. The first steps to address this include upgrading security measures to establish first- and second-line cyber security controls, training staff on cyber-related crime and reviewing current IT systems.