11th July 2019

GDPR fines: your new expense line?

<span id="hs_cos_wrapper_name" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="text" >GDPR fines: your new expense line?</span>

The GDPR dust has settled and perhaps we thought we were heading for a period of calm… Well, that’s certainly now not the case as the UK Information Commissioner’s Office (ICO) has thrust GDPR and cybersecurity back into the spotlight. Robert Browning, CEO, Microgen Financial Systems looks at what this new phase means for companies in the Trust, Fund and Corporate Services markets. 


The ICO bares its teeth

When British Airways suffered its massive data breach last year on its IT systems, it probably looked at the Facebook Cambridge Analytica scandal fine of £500,000 and figured the reputational damage would be far worse than the financial impact. Well, that was in relation to the old data protection regime which, at the time, capped fines at £500,000. How things have changed as we’re now in a GDPR world where fines can now be a maximum 4% of worldwide turnover. While everyone knew BA's fine would be higher, the £183m fine announced this week is on another scale. It’s the sort of number that keeps you up at night thinking that not protecting your client’s data can be a major threat to the success of your business, beyond riding out the immediate reputational damage.  

If that wasn't enough, after the BA main course, the ICO served up a Marriott dessert with their £99m data breach fine announced the following day. While both fines may be reduced in due course, the message sent was loud and clear - take the security of your client's data seriously. In both cases, it can't be said that their IT practices were sloppy, but they could have done more - a situation we're all probably familiar with.

In our industry, we already know from the Panama and Paradise Papers episodes that advisory firms have a big target on their backs. It's something we can't be complacent about, but yet, we can't just lock the doors, shut the windows, cut the cables and pretend the outside world doesn't exist. To be a competitive firm you have to use the latest technology and communication tools to deliver an efficient and effective service to clients. This means using technologies that can open up new risks.

Cyber risk webinar

The subject of how hackers might try to breach financial services firms and how you can evaluate the risks associated with new technologies was the topic of our recent cyber risk webinar.  Anthony Young from Bridewell Consulting joined our CTO, Joe Sefton Jenkins, to debate these topics. They discussed the tactics Anthony’s consultancy use to ethically hack financial services firms and presented the frameworks and tools you can apply to manage the risk of new technologies. You can view the recording below:

[embed]https://vimeo.com/333761672/5675b0bac0[/embed]

 


Robert Browning is CEO at Microgen Financial Systems. You can find Robert on LinkedIn and if you'd like to know more about how Microgen technology can help you meet your GDPR obligations and protect client's data, email us at info@microgen.com.