There was a 49% increase in data breaches in 2014, with more than a billion records stolen or compromised. In the financial sector, data breaches increased substantially, affecting 1.1 million records in 2014. These incidents have brought the spotlight to data regulations, with many regulatory bodies stepping up with new enforcements, and new laws such as the EU General Data Protection Regulation (GDPR) on the horizon. These regulations require a major upheaval for organizations, which is challenging given the increased public scrutiny the financial sector is currently facing.
In an article on Finextra, I talk about 5 Things the Financial Services Industry Needs to Know About the EU GDPR, including:
- The Global reach of the EU GDPR
- The requirements for customer notification in the event of a breach
- The requirement to notify authorities within 24 hours of a breach
- The need for a data protection officer
- The increased sanctions of up to £100 million or up to two per cent of annual global turnover
If organizations want to avoid the costs and brand damage associated with customer notification and sanctions, they must have data protections in place and be able to prove the device was rendered inoperable / the data was protected at the time of the incident.
There is a lot at stake should any organisation get this wrong: namely risks of heavy, potentially crippling fines as well as a massive blow to brand reputation. This could prove crucial in an age when banks are struggling to keep branches open and maintaining public favour will be the only way they can survive. In an industry where public trust is already at an all-time low, the financial sector needs to work extra hard to stop its public image being damaged any further. Read more about how to survive the regulatory changes affecting the financial sector in my article.