Abstract

Personal data protection (PDP) is a big concern for political leaders, IT managers, information security consultants, the financial services industry, and the millions of people currently online. This paper analyses the impact that the most important European data protection regulation, the General Data Protection Regulation (GDPR), had on the market value of European financial institutions. Financial institutions collect and manage large amounts of personal data. Data protection is thus a key issue, and risks of non-compliance include financial, legal, and reputational risks. It is, therefore, interesting to find out whether stockholders recognized the real value and scope of GDPR. In order to examine the financial institution stockholder reaction to GDPR, we apply the event study methodology. We analyse a sample of 357 European listed financial companies, and we use daily market prices. In general, we find a significant positive reaction and note differences among European countries, showing that perception of GDPR impacts differed, probably because of uncertainty and worries about complying with new provisions, which required economic and organizational investment.

Highlights

  • Development, and sometimes misuse, of Information Technology (IT) has increased the vulnerability of personal data (Gadzheva, 2008)

  • In order to answer our research question, "What was the impact of coming into force of General Data Protection Regulation (GDPR) on the European financial stock market?", we firstly analyse the reaction of the stock market to the GDPR for the overall sample of European financial institutions

  • The Cumulative Abnormal Returns (CARs) statistical significance was assessed using the parametric tests Z and T1 reported in Equations (6) and (8) and the non-parametric test T2 reported in Equation (9)

Summary

Introduction

Development, and sometimes misuse, of Information Technology (IT) has increased the vulnerability of personal data (Gadzheva, 2008). The GDPR aims to cover the gaps existing in the digital world, and regulates the impacts of data processing on PDP, including risks, rights, and freedoms. It comprises a single set of rules applicable to controllers The GDPR makes the notification of data breaches mandatory: companies that experience data breaches must notify regulators and individuals whose personal data was compromised no later than 72 hours after the breach or after it is discovered. This obligation may increase reputational risk, which is a key issue for financial institutions.

Literature review
Empirical design
Event Study
The determinants of Cumulative Abnormal Returns
Event study results
Regression results
Conclusions