Data Breaches Could Cost FTSE 100 Companies $6.4B A Year In Fines
Money is currently dominating much of the conversation around the United Kingdom and the European Union it is set to leave. In less than 12 months, on 25 May 2018, and regardless of Brexit, EU regulation that overhauls the way companies acquire, retain and use personal data will come into effect. FTSE 100 companies could face fines of up to £5 billion ($6.4 billion) a year if they don’t comply, according to analysis by global management consultancy Oliver Wyman.
The consultancy identified FTSE 100 companies with significant customer interactions that incurred a known data breach in the past five years. Under the EU’s General Data Protection Regulation (GDPR), serious data breaches could incur fines of up to 4% of annual global turnover, or €20 million ($22.5 million), whichever is greater. Using 2015 financial reporting figures, Oliver Wyman applied the maximum fine to reach its total of £25 billion, or £5 billion per year in fines.
GDPR will allow EU consumers to ask why personal data is collected, how it is being used and how long it is retained, and to request that companies erase and stop processing their personal data. Oliver Wyman estimates that at least ninety million gigabytes of data will be taken back. The regulation will also allow companies to ‘poach’ data from rivals, if they can obtain customers’ permission.
Most businesses are not fully prepared to deliver this, says the consultancy, or to adapt to the business consequences of losing their data bank. Banks in particular are struggling with a history of IT systems that were updated through siloed decision-making within disparate individual units, leaving them with an expensive hodgepodge of technology.
“Banks are struggling with legacy systems. From our discussions with chief technology officers at banks, they are concerned the technical challenge may be impossible given there is only a year to go”, Chris McMillan, a partner at Oliver Wyman, told the Financial Times.
Had GDPR been in place for the past five years, FTSE 100 companies could owe up to £25 billion ($32 billion) in fines to EU regulators, according to the consultancy’s estimates.
Oliver Wyman has said in the past that how companies collect, process and protect data on their customers, staff and suppliers has turned into one of the biggest debates of our decade. On the one hand, it argues: “digitization brings opportunity: To enhance the customer experience, to drive down costs, and to create new business models that make use of digital assets. On the other, digitization creates a raft of new threats: whether from competitors, who use their own digital assets to disrupt existing businesses, or from cyber criminals able to steal or ‘spoof’ digital identities, or from fraudsters who infiltrate the digital economy to perpetrate large scale financial crime.”