Friday, November 24, 2017

What does GDPR mean for cyber security in the banking sector?

By Marc Michaels, director of strategy and insight at Paragon Customer Communications | 7:03 Wednesday 15th November 2017

With the imminent arrival of the EU General Data Protection Regulation (GDPR), banks now have less than a year to overhaul the way they handle, protect and store customer data and, most significantly, ensure they have permission to do so.

GDPR – which comes into force in May 2018 – represents arguably the most significant change in data regulations for some 20 years, and will require the banking sector to bolster its data protection and cyber-security processes to avoid costly financial penalties and potentially negative reputational impacts.

Although the regulations have been widely accepted as a step in the right direction, they have also brought a unique set of challenges for the banking sector.

While a great deal of focus has been on the operational side of the equation (data cleanliness and protection), what’s not often considered is another critical aspect of this data security reform: ensuring you have the proper legal basis to communicate marketing messages to customers, which could entail considerable re-permissioning to gain proper consent.

By taking the necessary steps to re-permission data by re-contacting existing customers, financial institutions have a unique opportunity to cleanse existing data and remove contacts who are not interested in their services and solutions, and concentrate on those who are.

Re-permissioning is possibly one of the most important marketing campaigns banks will ever run and needs to be properly planned, created and delivered as a co-ordinated activity to ensure it is done correctly.

Equally fundamental from a cyber-security standpoint, banks must have a plan and process in place to reach out immediately to affected customers in the event of any data breach. The risks of data breaches are extensive for the sector. A gross violation of GDPR – such as poor data security leading to public exposure of sensitive personal information – could result in weighty fines of up to 4% of a company’s global turnover or £17m, whichever is higher.

Under GDPR, organisations have a duty to provide a breach notification to the relevant supervisory authority within 72 hours of becoming aware of any notifiable breach. Such a notification should describe the nature of the personal data breach, including the number of data subjects, the approximate number of personal data records concerned and the likely consequences of the personal data breach. Organisations must also describe the measures taken or proposed to be taken to mitigate any adverse effects, which may involve notifying all or parts of your customer base promptly. Such a solution should be pre-planned and tested.

 

comments

sadi says:

16:53 Tuesday 21st November 2017

I think not many companies are prepared for the changes that will be taking place. Having a medium-sized business in the finance sector myself, through networking I know owners of many other companies. When the talk turns to GDPR many of them aren’t even aware of the impact it will have on their business and, despite it being in the news for months, don’t think it will be affecting them. I think it is very important to firstly educate yourself on the changes and then find yourself and work with an experienced cybersecurity firm. We chose to go with http://www.nasstar.com/ mainly as when looking for a firm they had a great deal of experience in the finance sector and have so far been great in advising us and getting us ready for the steps we need to take to comply with the new changes.
