"Revenue derived from cybercrime now exceeds US$1.5 trillion annually, nearly three times the global drug trade."

Dr. Mike McGuire (2018), Into the Web of Profit: Understanding the Growth of the Cybercrime Economy

Risk Disclaimer

The value of investments and any income derived from them can go down as well as up as a result of market or currency movements and investors may not get back the original amount invested. 

Views and opinions have been arrived at by BMO Global Asset Management and should not be considered to be a recommendation or solicitation to buy or sell any stocks or products that may be mentioned.

Governance of data protection

The collecting and processing of personal data is a critical component of modern business. But companies have not always used or protected personal data in a way that people expect, with highly publicised data breaches and privacy scandals continuing to hit the headlines.

In 2018, Europe’s General Data Protection Regulation (GDPR) came into force, giving EU citizens more control over how their data is used, and requiring companies to take data privacy more seriously or else risk being handed substantial fines of up to 4% of global turnover. Not only does the GDPR have extra-territorial reach, making it the first ever piece of global data legislation, but many other regions including Brazil, Canada and California are using the GDPR model to introduce their own legislation.

To better understand how companies were facing the challenge of implementing the GDPR, we engaged with data protection officers, or equivalents, at a group of 28 global companies from data-heavy sectors such as technology, pharmaceuticals and finance. Given the sensitive nature of this topic, the level of access we were given and the openness of the conversations exceeded our expectations.

Findings and next steps

A key finding was that despite improvements in practice, disclosure on data privacy standards remains limited and inconsistent, making it challenging for investors to assess levels of risk. In order to move beyond this, we have formulated a high-level disclosure framework, which we think covers the most important areas of compliance:

  • Acknowledgement of the importance of data privacy from top management
  • Internal governance arrangements for data privacy
  • Formal oversight by the board and senior management
  • Relevant experience on the board
  • Company culture

 
We have shared this with those companies within our sample and have encouraged them to consider adopting it in their future reporting.



For Professional Clients and/or Qualified Investors only