White paper: GDPR – banks, breaches and billion euro fines
The European Union’s new General Data Protection Regulation (GDPR) introduces a 72-hour breach notification requirement along with severe regulatory fines; consumers and affected third parties now also have the right to sue organisations responsible for data breaches.
Most financial institutions are focusing on prevention – as they should – but the highest-risk item in the GDPR is the breach notification requirement, and banks are not mitigating this.
The chances of a breach occurring are increasing due to the conflicting requirements of new European financial service regulations: the ePrivacy Regulation, the Anti-Money Laundering (AML) Directives and the Second Payment Services Directive (PSD2) simultaneously increase the scope and longevity of personal data while mandating the introduction of new channels that allow third parties to access some of it.
Based on an in-depth analysis of historical breach data, we conservatively forecast that European banks can expect fines in the region of €4,662 million in the first three years after the introduction of GDPR. These figures do not include compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.
The full findings and their analysis can be found in this free white paper.