What does GDPR mean for cyber security in the banking sector?
By Marc Michaels, director of strategy and insight at Paragon Customer Communications | 07:27 Wednesday 15th November 2017
With the imminent arrival of the EU General Data Protection Regulation (GDPR), banks now have less than a year to overhaul the way they handle, protect and store customer data and, most significantly, ensure they have permission to do so .
GDPR – which comes into force in May 2018 – represents arguably the most significant change in data regulations for some 20 years, and will require the banking sector to bolster its data protection and cyber-security processes to avoid costly financial penalties and potentially negative reputational impacts.
Although the regulations have been widely accepted as a step in the right direction, they have also brought a unique set of challenges for the banking sector.
While a great deal of focus has been on the operational side of the equation, data cleanliness and protection, what's not often considered is another critical aspect of this data security reform: ensuring you have the proper legal basis to communicate marketing messages to customers which could entail considerable re-permissioning to gain proper consent.
By taking the necessary steps to re-permission data by re-contacting existing customers, financial institutions have a unique opportunity to cleanse existing data and remove contacts who are not interested in their services and solutions, and concentrate on those who are.
Re-permissioning is possibly one of the most important marketing campaigns banks will ever run and needs to be properly planned, created and delivered as a co-ordinated activity to ensure it is done correctly.
Equally fundamental from a cyber-security standpoint, banks must have a plan and process in place to reach out immediately to affected customers in the event of any data breach. The risks of data breaches are extensive for the sector. A gross violation of GDPR – such as poor data security leading to public exposure of sensitive personal information – could result in weighty fines of up to 4% of a company's global turnover or £17m, whichever is higher.
Under GDPR, organisations have a duty to provide a breach notification to the relevant supervisory authority within 72 hours of becoming aware of any notifiable breach. Such a notification should describe the nature of the personal data breach, including the number of data subjects, the approximate number of personal data records concerned and the likely consequences of the personal data breach. Organisations must also describe the measures taken or proposed to be taken to mitigate any adverse effects, which may involve notifying all or parts of your customer base promptly. Such a solution should be pre-planned and tested.
SIGN UP TO OUR NEWSLETTER TO RECEIVE MORE NEWS LIKE THIS STORY
Investec launches 10-year BTL fixed rate product
Investec Private Bank has developed a 10-year buy-to-let fixed rate product...
Redwood Bank bolsters lending and credit teams
Redwood Bank has strengthened its lending and credit teams after appointing five new specialists...
Monese introduces student account
Monese has launched a student account for international and domestic students...
Tide secures £8m of funding
Tide has received £8m of new funding as it plans to move into its next stage of growth...
Starling Bank introduces personal loan products
Starling Bank has launched its first personal loan products offering up to £5,000...
Industry reacts to bank service league tables
Earlier this week, the Competition and Markets Authority (CMA) released the survey results ranking banks on their quality of service...
So you've signed up to the Women in Finance Charter – what now?
In July, it was revealed that 272 companies had signed up to HM Treasury’s Women in Finance Charter, covering over 760,000 financial services employees in the UK...
OakNorth completes its largest deal to date
OakNorth has completed its largest deal to date with a £40.2m property investment loan to Select Property Group...
Industry predicts the future of banking
Banking is forever evolving, with new entrants to the market and modern technology being introduced on a regular basis...
Triodos Bank provides £7m facility to First Choice Housing Association
Triodos Bank has provided £7m of funding to First Choice Housing Association (FCHA), which provides accommodation for vulnerable people across Wales and Shropshire...
The role of banks in the smart city
Smart city is a great buzzword. The term envisages a city where information and communication technologies like ‘the internet of things’ are connected to enhance the quality and performance of urban cities and thus urban living itself...