Under the GDPR rules, banks could be fined billions

Written on June 22, 2017 in Guest Blog

By Kisialiou Yury / Shutterstock.com

European banks face €4.6 billion in fines in the first three years under the new GDPR (General Data Protection Regulation), according to a Consult Hyperion report.

A new study commissioned by security outfit AllClear ID, ‘GDPR – Banks, Breaches, and Billion Euro Fines’, forecasts that European financial institutions could face fines totaling €4.6 billion in the first three years under GDPR. The forecast by Consult Hyperion is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.

When GDPR is officially applied in May 2018, banks will be under unprecedented pressure to comply. Financial institutions can receive fines of up to 2% of the previous year’s global annual revenues for a first offense and 4% for repeat offenses where the regulator has previously ordered remedial action. There are also possible criminal penalties for executives deemed responsible.

GDPR’s 72-hour breach notification requirement means banks’ ability to manage and respond to a data breach in an open and efficient manner will be critical. Under GDPR, regulators will have significant discretion in the penalties they can levy, and will no doubt be looking to make an immediate example of those that fail to comply with new regulations.

As Tim Richards, Principal Consultant at Consult Hyperion, stated, “the highest risk item in the GDPR is the 72-hour breach notification requirement, and banks are not mitigating this.”

“Data breaches are an unfortunate fact of life for financial institutions, and our analysis suggests that there have been no fewer than 27 data breach incidents among European Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the 4% level. This indicates an 8% chance that any Tier 1 bank will suffer a data breach in any given year. These figures, we believe, are conservative, and banks are not prepared for the consequences under GDPR,” he continued.


This article was first published on The Fintech Buzz.


About the Author

Anthony is currently a Senior Fintech Analyst at Expert Market Insight and the Director of Content at BreakingFinance, a fintech content creation firm. After spending several years tracking and analyzing technologies and investments at Israel Venture Capital, he now focuses his time conducting research and analysis on the global fintech industry to help startups, financial institutions and finance-related companies develop insightful content. Anthony’s areas of expertise include payments, trading & investing, banking, blockchain and digital currencies. He is also the lead contributor at thefintech.buzz industry blog.

