By Edith Rigler, Transaction Banking Academy tutor
Mention the phrase “data protection” to someone and you are likely to receive a big yawn. Add the fact that 28 January was European Data Protection Day and you’re just as likely to get a puzzled reaction. You will hear the comment that data protection is a dry subject, which is of neither great relevance nor interest. At most, the subject is seen to be relevant to banks - after all, they hold financial data on their customers such as account numbers, balance information, risk and investment preferences, as well as personal information such as names, postal and email addresses and telephone numbers. But data protection as a subject of interest to corporates?
Yet data protection and security should concern everyone, be it an individual, a business, a bank or a public authority.
Data Breaches: The New Normal
Consider the recent news about data breaches - 2014 has been called the year of major data breaches. They happened everywhere and no-one was exempt: public authorities, corporates and banks were all targets.
The impact of data breaches is significant, not only for individuals - who may lose money or may have to spend much time trying to retrieve their data - but above all for corporates. Surveys have found that the scale and cost of data breaches have nearly doubled in recent years. First, there are the direct costs, such as having to notify your customers of a data breach, followed by investigating and controlling the breach, potential litigation (dealing with lawsuits arising from customers), and last but not least regulatory fines.
However, the intangible costs may be even more significant. They include damage to the corporate brand, potential loss of customers, lost business opportunities and a decline in share value. Research reveals that damage to reputation and the loss of customer loyalty do the most harm to the corporate bottom line.
Corporates are at risk if hackers attempt not only to steal their customer data, but also to destroy company systems, complete with all the data. Following such a breach, a corporate may no longer be able to operate. There is also the risk that corporates' proprietary information such as product designs, finance and strategic plans may be stolen.
Corporates find themselves in a dilemma: for one, data is essential for their economic activities. Companies collect data, aggregate it and analyse it. Understanding data about their customers and their activities and preferences is important for businesses of all types and sizes to be able to develop better and more targeted products.
The conclusion is of course that corporates must protect the data which they hold on their customers, and that is not a new thought. Across the EU, everyone has the right to the protection of personal data concerning him or her, as laid down in Article 8 of the 2000 EU Charter of Fundamental Rights. Consumers have benefited from data protection laws in the form of an EU Directive since 1995, but over the subsequent 20 years there have been tremendous changes in terms of technology and consumer behaviour. No wonder that the 1995 Directive can no longer represent the digital age.
The EU’s new General Data Protection Regulation (GDPR) has therefore been proposed in response, and appears likely to be finalised later this year. Who is impacted, what are its goals, who benefits and what will it mean for corporates?
Corporates Stand to Gain from the new Regulation
The regulation will apply to any company holding personal data on customers/consumers residing in the EU, where ‘personal data’ could be names, email addresses, payment details, social networking posts, medical information and/or internet protocol (IP) addresses. It will therefore have a major impact on many industries - from technology, media and telecommunications companies, to retailers, e-commerce and payment services providers.
There are three key elements which will benefit corporates:
There are several key activities corporates need to undertake to prepare for the proposed GDPR:
To summarise, cybercrime and data breaches are on the rise. At the same time public concern over the safety of data has increased - although not yet to the level one might expect in view of the frequency and size of recent incidents.
The good news is that data protection regulation is in the works. This should ensure that more stringent procedures will become mandatory for organisations which hold data on their customers. For corporates, the time to act is now, before the new regulation is adopted.