GDPR was covered at great length in the run-up to its enforcement date, with checklists, guides and whitepapers telling us what we need to do to stay compliant. This is all fine if your data is held and structured in one central place. But the rise of cloud-based app usage within banking, financial services and fintech organisations can make complying with the rules considerably harder.
The Netskope Cloud Report, as cited by the Cloud Industry Forum, found that the average European enterprise uses over 600 cloud apps. While this covers the more obvious SaaS applications such as Salesforce and Expensify, organisations are thought to underestimate this figure by 90 percent. Think of teams setting up Dropbox to share files quickly for a project, or external agencies sending large files to suppliers via WeTransfer.
This data fragmentation across hundreds of apps is a problem for banks, financial services and fintech companies trying to ensure GDPR compliance: they are effectively unaware of around 90 percent of the applications in use, and of the types of data held within those platforms.
Centralising this data is a major step towards GDPR compliance. Products like G Suite and Office 365 give fintech teams good business tools while also providing centralised controls, reporting, alerting and visibility of the data in use across the organisation. This reduces the number of apps, the number of contracts and the degree of data fragmentation, while still giving users powerful tools to get the job done.
Policy complementing technology
However, technology is only one part of the solution. Whether they have hundreds of applications or only a few, banking, fintech and financial services organisations also need to understand what other controls must be implemented to ensure they are compliant. This includes:
It may be worth consulting or hiring a GDPR Data Protection Officer to ensure the correct level of controls is in place and remains relevant. Note that for some organisations, such as those whose core activities involve large-scale, regular and systematic monitoring of individuals, appointing a Data Protection Officer is mandatory under GDPR rather than optional.
The bottom line is that banking, fintech and financial services businesses need to know what personal data they hold, why they hold it, how long they need to keep it and how it is being managed. This must be communicated to customers and staff and, where appropriate, mechanisms must be in place to delete the data when a data subject requests it. Technology is not the whole solution; policy and technology complement each other.