The banking industry has some catching up to do to stay in GDPR compliance:
- Only 1 in 5 banks and insurers confident they could detect a data breach. [Capgemini];
- Today, 78% of financial services firms retain and process customer data even after a person has stopped
being a customer. [The Currency of Trust, Capgemini];
- “Research shows an awful lot of banks are not prepared; or, because of the volume of
other regulatory changes they are facing, this isn’t at the forefront of their thinking.” Nic Gordon, Boston Consulting Group. [www.risk.net];
- When asked which sector was likely to be made an example of for breaching GDPR, over a
quarter of respondents chose banking — more than any other sector. EU regulators can fine U.S. companies for violating GDPR, and they can do it with the help of U.S. authorities.
To be GDPR ready, banks should increase consent standards; strengthen rights of data subjects; shorten period for which personal data is stored; provide strict breach notification requirements; increase governance obligations; and operate data protection by design.