General Data Protection Regulation (GDPR) Implementation: What was the Impact on the Market Value of European Financial Institutions?

Personal data protection (PDP) is a big concern for political leaders, IT managers, information security consultants, the financial services industry, and the millions of people currently online. This paper analyses the impact that the most important European data protection regulation, the General Data Protection Regulation (GDPR), had on the market value of European financial institutions. Financial institutions collect and manage large amounts of personal data. Data protection is thus a key issue, and risks of non-compliance include financial, legal, and reputational risks. It is, therefore, interesting to find out whether stockholders recognized the real value and scope of GDPR. In order to examine the financial institution stockholder reaction to GDPR, we apply the event study methodology. We analyse a sample of 357 European listed financial companies, and we use daily market prices. In general, we find a significant positive reaction and note differences among European countries, showing that perception of GDPR impacts differed, probably because of uncertainty and worries about complying with new provisions, which required economic and organizational investment.