Watch your data! Authorities clamping down on GDPR breaches, issuing massive fines

The magnitude of fines now being implemented by the UK authorities for GDPR breaches would be enough to see off any brokerage as the same tariffs apply to all sectors, and far outstrip the FCA’s fines


A month and a half ago, FinanceFeeds reported the full set of data issued by the UK Information Commissioner’s Office (ICO) as the first year in which the GDPR data protection regulations had completed, the purpose of the report being to reflect on the regulator’s experiences over the past year and share what it has learnt about the GDPR and its impact a year after its implementation.

As is often the case when new regulations are instigated in regions with a highly developed financial markets economy and a diversified industrial base such as the United Kingdom, the regulators have begun to step their auspices up considerably following publication of the first year’s outcomes.

As this week commences, the British authorities have begun to issue tremendously high fines to large companies, in what could be considered a high profile attempt to make an example of those which jeopardise data in order to ensure other companies toe the line.

In the FX and CFD business, GDPR is a huge consideration, not only in terms of internal CRM and transaction data, but also in terms of how customer data is handled when trade reporting is conducted under the MiFID II guidelines which require all execution data from all venues, brokerages and exchanges to be published to the regulatory authorities across Europe.

FinanceFeeds has spoken at length to many regulatory technology and reporting companies, all of which connect intrinsically to Amazon’s AWS cloud for data handling, purely because of AWS Cloud’s ability to comply with GDPR regulations.

Whilst the latest casualties of the long arm of the data protection regulator are not FX brokerages, the two fines, handed out in just under 24 hours, represent what could likely happen to a financial services company or electronic brokerage for non-compliance with GDPR regulations.

The ICO has now handed out out £238 million worth of fines to British Airways and hotel group Marriott International.

Given that, unlike in other areas of regulatory oversight, the ICO is responsible for administering penalties to all industry sectors regardless of their operations or type of business, these fines could be implemented upon large blue chip global companies, or onto a retail FX brokerage 100th of the size of the recipients of these recent fines, and is at liberty to apply the same tariffs.

Whilst many law firms in the City have recently stated that many responsible officers have become more vigilant about the handling of personal data since the GDPR regulations were introduced in May, and many have increased their resources in protecting data since the ICO released the ‘one year on’ report in May this year, there are still some degree of whistleblower reports taking place.

Whistleblowers are on the increase, too, with 175% increase in whistleblower reports to the ICO since May 2018 when GDPR was introduced.

Just to put the magnitude of the potential penalties into perspective, the two fines, issued in little more than 24 hours to Marriott and British Airways amount to more than three quarters of the total fines given by the Financial Conduct Authority (FCA) in the whole of the past year to all of the companies that it oversees. This is despite the fact the FCA has traditionally given far harsher fines than the ICO.

To put that into perspective, a balance sheet of over $50 million is required to maintain a prime brokerage relationship with a bank, a relationship which only approximately six entities in the entire global FX and OTC derivatives sector worldwide has, out of over 2,500 brokerages currently operational, demonstrating that a fine of £100 million to a single entity would see of pretty much any company in the brokerage business.

“GDPR has driven a cultural shift in how people perceive personal data and its value. More people now see it as part of their personal property, and they are more likely to act if they believe it is being misused” said Richard Breavington, Partner at RPC law firm in London.

“The ICO has shown that it is a regulator to be respected. The FCA had traditionally been thought to be among the tougher regulators in the UK, but the fines the ICO is levying are now on a different scale.”

“There were a lot of eyes on the ICO, waiting to see how it would use its new powers. Few foresaw it hitting a business with such a high fine at this stage” he said.

There are specialist companies in the electronic trading industry that are able to assist with ensuring compliance of GDPR, many of them being regulatory reporting specialists specific to our industry, thus it is worth taking this seriously.


Read this next

Digital Assets

Bybit exits UK market ahead of regulatory changes

Bybit is suspending its cryptocurrency services for users in the United Kingdom due to impending regulations from the country’s Financial Conduct Authority (FCA).

Digital Assets

Binance argues SEC trampled authority set by Congress

Binance, Binance.US, and Changpeng Zhao have jointly filed to dismiss a lawsuit brought by the Securities and Exchange Commission (SEC) in June.


Oscar Asly replaces Rasha Gad as CEO of M4Markets Dubai

Seychelles-regulated brokerage firm M4Markets has secured a license from the Dubai Financial Services Authority (DFSA) after it has already incorporated its new subsidiary in the Dubai International Financial Center (DIFC).

Retail FX

Capital Index UK reports mitigated loss despite revenue drop

FCA-regulated brokerage firm Capital Index (UK) Limited has released its annual financial report for the year 2022.

Digital Assets

Mike Novogratz’s Galaxy Digital expands in Europe

Galaxy Digital, the New York-based cryptocurrency financial services company founded by Mike Novogratz, is expanding its presence in Europe by appointing Leon Marshall as its first European CEO.

Metaverse Gaming NFT

Turingum Partners with MarketAcross to Drive Web3 Adoption in Global and Japanese Markets

Global blockchain PR leader MarketAcross joins forces with Japanese Web3 specialist Turingum to mutually expand its market reach, aiming to fortify Turingum’s worldwide footprint and MarketAcross’s presence in the lucrative Japanese blockchain landscape.

Digital Assets

Binance to delist all stablecoins in Europe next year

During a public hearing with the European Banking Authority (EBA), an executive from Binance said that the exchange could ultimately delist stablecoins from its European platforms by June 30, 2024.

Industry News

“Unconscionable conduct”: ASIC fines National Australia Bank $2.1m for overcharging customers

NAB faces a $2.1 million penalty for unconscionable conduct, as the Federal Court rules the bank knowingly overcharged customers, and took over two years to rectify the situation.