Summer Wanes, But As GDPR Gains Steam, Security Complaints Heat Up

Summer is ending – but less than four months into the General Data Protection Regulation (GDPR), might complaints about security be heating up?

With sights set on Europe: in the United Kingdom, the number of complaints filed with regulators within a relatively short period – from the end of May to the beginning of July – has more than doubled compared with the number seen in roughly the same period a year ago.

Amid that backdrop, the regulation lets citizens in Europe request insight into how their data is being used by companies. They can also request that data be deleted – which gives them “the right to be forgotten.” As has been well reported, companies that fail to comply with GDPR or with the requests by those citizens can be fined up to 4 percent of their annual top line.

And yet, recent data shows that only about 20 percent of companies are in fact compliant with the mandates.

And at least some observers are pointing toward GDPR as being at least partly responsible for the rise. At the end of last month – specifically, between May 25 and July 3 – more than 6,280 complaints were filed with the Information Commissioner’s Office (ICO) – and that tally is more than double what was seen in the previous year through that same stretch of time. The watchdog does not single out complaints according to their category, but as noted by the commissioner’s office itself, there are expectations that the number of complaints will indeed rise.

“Generally, as anticipated, we have seen a rise in personal data breach reports from organizations,” said an ICO spokesperson, according to reports. “Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase, too.”

Separately, EMW, the law firm that had asked for the complaint tally in the wake of a freedom of information request, said through a principal, James Geary, that “despite this being on the horizon for a couple of years, the reality of the work involved in implementation and ongoing compliance may have taken many businesses by surprise. Failing to respond promptly to subject access requests or right to be forgotten requests could result in a fine, and the time involved in responding properly should not be underestimated.”

In Ireland, according to those complaints, roughly half of the increase has been related to GDPR.

Softer Rules Elsewhere?

Elsewhere, in Switzerland, the financial regulator known as FINMA is looking to ease at least some anti-money laundering regulations, in an effort to pave the way for smaller FinTechs to establish a presence in the country’s money management industry.

Earlier in the summer, FINMA proposed a FinTech license that eased some restrictions on firms that take in deposits but do not make money on activities that surround those same deposits, such as receiving interest on them. The firms that fall under the purview of the relaxed restrictions are those FinTechs that have gross revenues below the equivalent of $1.5 million USD.

And a bit closer to home, the Office of the Comptroller of the Currency (OCC) has also proposed rewriting at least some lending rules … in this case, those geared toward lending in lower-income communities.

Among a number of proposals being offered up by the Comptroller to help redirect lending is a possible ratio of spending in those neighborhoods relative to bank size. The Wall Street Journal also noted that among the more controversial ideas is a redefinition (without specifics) of “community,” where the traditional notion has been centered on the neighborhoods surrounding the banks themselves.