Financial organizations such as banks are not new to the consequences of negligent data security. The increasing rate and severity of cyber-attacks have made resilience against external attacks the top operational risk priority for banks.
The European Union introduced the strict General Data Protection Regulation (GDPR) to incentivize improved data protection standards and keep professionals focused on data security. The aim is to lower banks’ vulnerability to attack, since they store very large amounts of data and interact with customers through digital technology.
Banks deliver more personalized services when they have more information about their customers. At the same time, customers enjoy improved services: quick transactions, convenient payments and access to a broad range of services through their computers. Banks must have the infrastructural capability to protect that data. GDPR introduces many changes to the existing data protection regulation. The law will introduce a new system of penalties for data breaches. In addition, it will give customers more control over their data so as to prevent commercial exploitation.
The new law stipulates that customers should give their consent before banks can use their data. They also have the right to complain if their information is misused. Financial organizations that fail to observe the data protection regulations could face a penalty of up to €20m or 4% of annual revenue – whichever is greater. In 2015, British companies paid fines worth £880,500. With the introduction of the EU regulation, this amount could be up to 70 times higher which would equate to over £61m.
A disorganized customer notification in the wake of a data breach makes an organization look inexperienced. Financial institutions tend to focus on precautionary measures and overlook the significance of resilience. In the past, firms that have handled data breaches poorly have recorded lower earnings, lost customers, and seen board members resign. Under the General Data Protection Regulation, financial institutions have 72 hours to report data breaches.
Organizations that have not invested in response preparedness by 25 May 2018 risk severe penalties and collateral damage. The best initial steps toward GDPR compliance include upgrading defenses to achieve first- and second-line cyber security, educating staff about cyber-related crime, evaluating the current infrastructure, and finally, thinking globally, because GDPR will affect organizations around the world.