IBS Journal: The iconic monthly FinTech magazine

FS firms risk hefty fines by ignoring GDPR

Just 47% of UK FS businesses have started preparing for the new General Data Protection Regulation (GDPR), which comes into force on 25th May 2018. This is despite 12% admitting that the maximum fine for non-compliance would force them out of business and 9% saying it would lead to large-scale redundancies.

According to a YouGov survey of 285 FS businesses, which was commissioned by law firm Irwin Mitchell, only 56% admit to being aware of the GDPR. Under the new rules, the maximum fine for certain data breaches in the UK will rise from £500,000 to €20 million or 4% of global turnover, whichever is larger.

“These results are concerning because with next May’s deadline fast-approaching and with so much at stake, our study reveals there’s a very real possibility that a large number of financial services companies will not be compliant in time,” says Joanne Bone, partner and data protection expert at Irwin Mitchell. “The financial services sector has significant data protection issues to tackle, particularly as more people move towards conducting their banking activity online. Financial institutions collect vast amounts of data which has to be treated carefully and the Regulator considers financial information to be more serious than everyday data.”

36% of FS firms are certain that they would be able to detect a data breach within their organisation. Just 41% say they are confident they would notify the relevant stakeholders within the required timescale of three days.

Irwin Mitchell says that the low level of awareness of GDPR is caused by a number of misconceptions that exist about the new rules. 25% of respondents who claim that GDPR will have no impact say it is not an issue for their sector. 19% state it isn’t relevant to their business as they are not a consumer business. Bone comments: “Contrary to popular belief personal data is not just consumer information. It is hard to think of a business today that does not use personal data. Whether you have employee data, customer data or supplier data – if the data relates to an individual you will be caught by the new data protection laws.”
