
Are you ready for GDPR?

By Jon Szehofner, Founding Partner of GD Financial Markets

As we steam ahead into 2018, the deadline for the General Data Protection Regulation (‘GDPR’) looms fast. Firms are in the final sprint to be compliant by the 25th May or face fierce penalties. Whilst the GDPR appears burdensome, the level of security which it will bring to individuals across all areas from electronic communications, including journalism, has never been seen before and is something which we should all be glad to see implemented.

The value of data has never been more prominent, with cyber security now an integral part of companies’ operations. The increase in the number of security breaches over the last year alone is evidence of the change in direction of crime. High-profile examples include the 9,000 Tesco Bank customer accounts breached in 2016, the 145.5 million people whose data was breached at Equifax in 2017, and the theft of $81 million from accounts belonging to the Bangladesh Central Bank using SWIFT’s network.

There is significant value in the GDPR, and not just financially or as another stick for the regulator to beat firms with: in an increasingly online world where data is a commodity, protecting our personal and business data is crucial. Large, household-name organisations such as banks and FTSE 250 companies are likely to be made an example of should they fail to comply with the regulations. Transparency and compliance will be crucial for those who do not wish to be publicly pilloried by the regulator, face a fine of up to 4% of global revenue or risk irreparably damaging their reputation if breached.

As a piece of European Union legislation, the GDPR will provide a standard across all industries and much of the Continent. This is a first for regulation of this sort and will hold companies with offices in numerous locations to the same standards, something which has not always been the case. It will strengthen and unify data protection for individuals, both within the EU and with respect to the export of their data outside the European Economic Area (EEA). However, for businesses this also means that the cost of non-compliance is higher than ever before, with significant fines based on worldwide turnover.

The growing social and political value of data means that the stakes are high for companies, individuals and Governments across the world, and consequently the regulator will take a particularly aggressive approach to punishment. The directive states that breaches range from the misuse of data, such as when an individual’s data is used in marketing material where permission has not been given, through to cases where there is not sufficient data security, leaving companies and individuals open to hacking.

How are firms preparing?

Most firms have recognised the need to develop substantial technological and organisational systems to deal with the volume of data and categorisation required by the GDPR. Not only will there need to be good technology, but employees also need to be trained in the requirements for compliance and to communicate it to clients. Some firms have taken the decision to hire a dedicated Data Protection Officer, whilst others have appointed someone on a voluntary basis or appointed an external agency. The extent to which firms are ready for the incoming regulations depends on the company and its Board accepting the significance of the GDPR, and on whether this is embedded in practices and filters throughout the company.

It will require teams to check everything from technology contracts to cloud-based software services. Indeed, the latest survey by Deloitte highlights that only one in ten global companies actually monitors and identifies data activity by its sub-contractors, with the rest instead relying on third parties to check on fourth- and fifth-party activity. Organisations will be held responsible for their sub-contractors’ use of data on the organisation’s behalf, and consequently it is imperative that they are prepared and understand what data is being used and how.

The significance of GDPR can be seen in the fact that the responsibility for compliance should lie with a Board-level member of the company, and in the need for evidence to show that a company has taken clear steps to attempt to be compliant. Firms that struggle to understand where their data currently comes from will struggle most to develop clear systems for the GDPR. It is not necessarily the size of the firm that counts but how many different systems are used and how easily data that may relate to a particular individual can be traced.

Firms will need to conduct internal audits on their held data to understand where it comes from and whether the information can be corrected and changed, with progress noted for future reference and development within the firm. It is also important that firms continue their efforts and do not stop after the May deadline has passed.

In 2016 the UK Financial Conduct Authority revealed that the number of reported incidents of cybercrime within its jurisdiction had jumped to 75 for the year to date from 5 in 2014. If the regulator’s fine alone is not enough to spur companies into action, the irreparable reputational damage done to companies by data breaches can cause a loss of trust and customer support which takes a much longer time to recover from.

Firms have less than a month to be ready for the regulations, and it is important that those at the top of organisations grasp the significance of the GDPR. The road to compliance may be monotonous but, once the initial systems are in place, the GDPR will pave the way for a future which is more in line with the direction in which technology is taking us.