Financial services companies could find themselves in trouble as they are not ready to handle any fallout from breaching the General Data Protection Regulation, experts have said.