European banks face €4.6 billion in fines in first three years under new GDPR (General Data Protection Regulation), according to Consult Hyperion report
A new study commissioned by security outfit AllClear ID, “GDPR – Banks, Breaches, and Billion Euro Fines”, forecasts that European financial institutions could face fines totaling €4.6 billion in the first three years under GDPR. The forecast by Consult Hyperion is conservative and excludes compensation claims, costs associated with lost customers, damaged reputations and senior executive resignations.
When GDPR is officially applied in May 2018, banks will be under unprecedented pressure to comply. Financial institutions can receive fines of up to 2% of the previous year’s global annual revenues for a first offense and 4% for repeat offenses where the regulator has previously ordered remedial action. There are also possible criminal penalties for executives deemed responsible.
GDPR’s 72-hour breach notification requirement means banks’ ability to manage and respond to a data breach in an open and efficient manner will be critical. Under GDPR, regulators will have significant discretion in the penalties they can levy, and will no doubt be looking to make an immediate example of those that fail to comply with the new regulation.
Tim Richards, Principal Consultant at Consult Hyperion, stated,
“The highest risk item in the GDPR is the 72-hour breach notification requirement, and banks are not mitigating this.”
“Data breaches are an unfortunate fact of life for financial institutions, and our analysis suggests that there have been no fewer than 27 data breach incidents among European Tier 1 banks in the last decade, with some banks as multiple offenders, potentially liable for fines at the 4% level. This indicates an 8% chance that any Tier 1 bank will suffer a data breach in any given year. These figures, we believe, are conservative, and banks are not prepared for the consequences under GDPR,” he continued.
More here [allclearid]