Report – GDPR: Banks, Breaches, & Billion Euro Fines
The European Financial Services Data Breach and GDPR Fine Forecast
The European Union’s new General Data Protection Regulation (GDPR) introduces 72-hour breach notification requirements along with a range of regulatory fines and penalties.
Most financial institutions are focused only on preventing breaches, and failing to develop the plans and tools to mitigate the regulatory and business risks of a breach when one occurs.
Under GDPR the financial penalties for a slow or poor-quality response could be catastrophic. Institutions can receive a €20m fine or 4% of global turnover – whichever is greater – with possible criminal penalties for executives deemed responsible.
To compound the issue new European regulations such as PSD2, ePR and AMLD4/5 will mandate institutions hold more data and make it available over open interfaces, just when data loss becomes especially dangerous.
GDPR: Banks, Breaches and Billion Euro Fines forecasts the number of data breaches in the financial services sector over the next three years and the corresponding fines under GDPR.
Key findings include:
- GDPR will cost banks €4.7 billion in GDPR fines over three years
- Financial institutions will experience 384 breaches
- Tier one banks could face fines as high as €260 million per breach
The report argues that financial institutions that plan ahead will be those that are best able to manage post-breach fallout. Those that fail to plan are those that are planning to fail.