Impact Note: GDPR
- Date:October 18, 2017
- Author(s):
- Test
- Sean Sposito
- Research Topic(s):
- Cybersecurity
- Fraud & Security
- PAID CONTENT
Overview
On May 25, 2018, when the European Union’s landmark General Data Protection Regulation (GDPR) is scheduled to take effect, few, if any, financial institutions will be confident they’re in full compliance, here or abroad. The sweeping mandate — containing 99 articles and 173 recitals — basically covers everyone who resides in the EU.1 It also protects a broader set of personal data beyond the Social Security numbers, dates of birth, and addresses that are usually considered personally identifiable information in the United States. In the context of GDPR, personal data2 are defined as “any information relating to an identified or identifiable natural person.” That may include IP addresses; “social media posts; photographs; lifestyle preferences; and transaction histories” — regardless of format, digital, paper, audio, or otherwise.3,4 In short, FIs should assume that GDPR could potentially cover all of the data it stores on behalf of its customers and employees — especially dual citizens and overseas website visitors.
Learn More About This Report & Javelin
Related content
Trump’s Cyber Avalanche and the Impact on U.S. Financial Institutions
For U.S. financial institutions, the twists and turns of the last few weeks around political promises that have quickly resulted in short-term wins for banks should be viewed with ...
New Stakes for Cyber Resiliency in the Era of Cyberwarfare
The war in Ukraine, the Iran-Israel conflict, and increasing tension between the United States and China have raised new concerns and emphasis around geopolitical risks. Attacks ag...
2025 Cybersecurity Trends
Expanding security automation by relying more heavily on security orchestration, artificial intelligence, and data analytics, as well as a more inclusive and expansive definition o...
Make informed decisions in a digital financial world