To read this content please select one of the options below:

The impact of GDPR infringement fines on the market value of firms

Adrian Ford (School of Architecture, Computing and Engineering, University of East London, London, UK)
Ameer Al-Nemrat (School of Architecture, Computing and Engineering, University of East London, London, UK)
Seyed Ali Ghorashi (School of Architecture, Computing and Engineering, University of East London, London, UK)
Julia Davidson (Pro Vice-Chancellor, Impact and Innovation, University of East London, London, UK)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 7 September 2022

Issue publication date: 9 February 2023

443

Abstract

Purpose

This paper aims to investigate the impact of the General Data Protection Regulation (GDPR) infringement fine announcements on the market value of mostly European publicly listed companies with a view to reinforcing the importance of data privacy compliance, thereby informing cyber security investment strategies for organisations.

Design/methodology/approach

Previous studies have shown (varying degrees of) evidence of a negative impact of data breach announcements on the share price of publicly listed companies. Following on from this research, further studies have been carried out in assessing the economic impact of the introduction of legislation in this area to encourage firms to invest in cyber security and protect the privacy of data subjects. Existing research has been predominantly US centric.

Findings

Using event study techniques, a data set of 25 GDPR fine announcement events was analysed, and statistically significant cumulative abnormal returns of around 1% on average up to three days after the event were identified. In almost all cases, this negative economic impact on market value far outweighed the monetary value of the fine itself, and relatively minor fines could result in major market valuation losses for companies, even those having large market capitalisations.

Originality/value

This research would be of benefit to business management, practitioners of cyber security, investors and shareholders as well as researchers in cyber security or related fields (pointers to future research are given). Data protection authorities may also find this work of interest.

Keywords

Acknowledgements

The authors wish to thank the anonymous reviewers for their helpful and constructive feedback. The authors are also grateful to the reviewers and participants of the 20th European Conference on Cyber Warfare and Security (Ford et al., 2021a) for their valuable input.

Citation

Ford, A., Al-Nemrat, A., Ghorashi, S.A. and Davidson, J. (2023), "The impact of GDPR infringement fines on the market value of firms", Information and Computer Security, Vol. 31 No. 1, pp. 51-64. https://doi.org/10.1108/ICS-03-2022-0049

Publisher

:

Emerald Publishing Limited

Copyright © 2020, Emerald Publishing Limited

Related articles