What does GDPR mean for cyber security in the banking sector?
By Marc Michaels, director of strategy and insight at Paragon Customer Communications | 07:27 Wednesday 15th November 2017
With the imminent arrival of the EU General Data Protection Regulation (GDPR), banks now have less than a year to overhaul the way they handle, protect and store customer data and, most significantly, to ensure they have a lawful basis for doing so.
GDPR – which comes into force in May 2018 – represents arguably the most significant change in data regulations for some 20 years, and will require the banking sector to bolster its data protection and cyber-security processes to avoid costly financial penalties and potentially negative reputational impacts.
Although the regulations have been widely accepted as a step in the right direction, they have also brought a unique set of challenges for the banking sector.
While a great deal of focus has been on the operational side of the equation, data cleanliness and protection, another critical aspect of this reform is often overlooked: ensuring you have a proper legal basis for sending marketing messages to customers. For many institutions that will mean considerable re-permissioning to obtain valid consent.
By taking the necessary steps to re-permission data by re-contacting existing customers, financial institutions have a unique opportunity to cleanse existing data and remove contacts who are not interested in their services and solutions, and concentrate on those who are.
Re-permissioning is possibly one of the most important marketing campaigns banks will ever run and needs to be properly planned, created and delivered as a co-ordinated activity to ensure it is done correctly.
Equally fundamental from a cyber-security standpoint, banks must have a plan and process in place to reach out immediately to affected customers in the event of a data breach. The risks of data breaches are extensive for the sector. A gross violation of GDPR, such as poor data security leading to public exposure of sensitive personal information, can attract fines of up to 4% of a company's total worldwide annual turnover or €20m (roughly £17m), whichever is higher.
Under GDPR, organisations have a duty to notify the relevant supervisory authority within 72 hours of becoming aware of a notifiable personal data breach. The notification should describe the nature of the breach, including the categories and approximate number of data subjects and of personal data records concerned, and the likely consequences of the breach. Organisations must also describe the measures taken or proposed to mitigate any adverse effects. Where the breach is likely to result in a high risk to individuals, the affected data subjects must themselves be informed without undue delay, which may mean contacting all or part of your customer base at short notice. Such a capability should be pre-planned and tested before it is ever needed.