GDPR, Brexit and the New Face of Compliance

GDPR, Brexit and the New Face of Compliance

Andrew Joss

Head of Industry Consulting EMEA at Informatica

Views 460

GDPR, Brexit and the New Face of Compliance

25.10.2016 08:45 am

The EU General Data Protection Regulation (GDPR) has highlighted several areas of new privacy regulation that will prove particularly challenging for many financial services institutions. In broad terms, the regulation aims to enable citizens to take back control of their own data and to unify privacy regulations across the EU. This will drive significant changes in data collection and processing across the sector.

Britain’s impending exit from the European Union raises some questions about the exact legislature which will come into effect in the UK. But we can be sure of one thing - any financial organisation doing business in Europe will need to be GDPR compliant.

That’s because the GDPR has extended the scope of privacy to cover not only data held when an organisation or person is inside the EU, but also organisations outside the EU that process EU citizen data. The definition of personal data now covers a raft of areas including the usual personal details, as well as a wider range of items like photographs and social media content. Additional challenges around a right for a citizen to be forgotten and the ability for citizens to demand access to their data, will cause all financial services institutions to look very carefully at their policies around the data they hold on their customers.

New requirements have been introduced - for example, explicit consent will now need to be obtained for the collection and use of data, and there are some severe fines and sanctions in cases of data breaches. As a result of these proposed changes, the role of the data privacy officer has now also become a great deal more significant because of these potential non-compliance fines or sanctions.

To help businesses prepare to meet the new demands of GDPR, below we explain four of the key issues that they will face and how to address data governance as a result.

1. Locating privacy data

The key challenge of GDPR for any institution is the need to find all privacy-relevant data across the enterprise. Customer data sits in many different systems, in many different forms. The rise of omni-channel in financial services means that customers can engage through any channel and through any appropriate medium. When they do so, a digital footprint is usually stored somewhere to record that fact for proof of activity, or to support remediation when errors occur. All of these footprints, for all types of engagement, have the potential to be in the scope of GDPR.

2. Understanding how to treat data once identified

The new ‘opt in’ clause for the GDPR regulation means that a customer is giving consent for their data to be stored and used. However, financial services institutions need to be aware that this consent may apply to certain parts of a customer’s data and not to others. The increased complexity of data tracking caused by this right to consent means institutions will need to consider how to best address the use of non-consented data whilst still maintaining transactional and financial integrity across the business.

3. Customer requests

Customers will now also have the right to request that a financial services institution provides them with all details pertaining to the information held about them. Under GDPR this will include information going outside the institution, requiring additional security considerations whilst being a costly exercise if carried out manually. This is even more the case if an institution misses something that the customer knows about when providing this information. In that case, the organisation reveals that they don’t have their customers’ data under control and opens itself up to sanctions.

4. Enacting the right to be forgotten

The GDPR ‘right to be forgotten’ clause will require an institution to remove all relevant customer data from all its systems upon request. Removing data held in multiple different systems and in multiple different formats is either a very time consuming and expensive manual exercise (with the risk of accidentally failing to remove all the data) or requires institutions to look at process automation to achieve it in an industrialised manner. Either approach will require institutions to look carefully at the time, cost and risks associated with each option and build solutions to address them.

What next?

GDPR has shown that getting customer data under control is now a major business imperative for financial services organisations. The consequences of non-compliance are potentially substantial. Yet, software solutions already exist that can help address a number of the key GDPR data challenges. The two years before GDPR comes into effect may seem like a long time, but financial services organisations need to be ready - the implications of being caught off guard could be very significant.

Latest blogs

John Burgos Mindgate Solutions

Overcoming anxiety around mobile payments & digital payments - In the South Asia Pacific

Innovation and technology usually go hand in hand.  Therefore, for innovation to be fully realized, the technology that enables the innovation must be adopted as well.  During the last 5 years, we have had innovations from Google, Apple, Read more »

Stuart Robertson iDelta

Finance Sector PLCs Hold the Key to Economic Recovery

We have started to see the devastating impact the Coronavirus will have on our economy.  The travel, leisure and hospitality industry redundancies are rapidly mounting up with restaurant and bar owners facing no option but to shut up Read more »

Hirander Misra GMEX Group

Are UK Banks profiting from the current coronavirus crisis and failing SMEs?

A UK business could be eligible for a Coronavirus Business Interruption Loan Scheme (CBILS), as set out by the UK Government. However, it appears that despite the Government’s best intentions, this scheme is not working in practice and some urgent Read more »

Otabek Nuritdinov Safenetpay

A strong fintech needs more than just access to funding

  Investors, both private and institutional, are excited about investing in fintechs that are in the payments services business. What are the issues that really should matter to you, as a client? In 2019, institutional investors Read more »

Martijn Bos Holland FinTech

Get your head up in the clouds, it’s good for business

How Digital Transformation is reshaping competition in financial services The message is clear and it’s coming at us from all sides: digitalize now. No business unit seems to be immune to the onslaught of cloud-based, AI-driven, real-time, Read more »

Related Blogs

Shiran Weitzman Shield

Tackling Apparent Contradictions of Compliance versus Privacy

As technology evolves and becomes more complicated, so too do the moral and ethical dilemmas, along with the associated regulations. However, well-intentioned regulations designed to protect people and businesses alike can sometimes seemingly Read more »

Gemma Doswell Paybase

Paybase Predicts...

What we said in 2018 Read more »

Dr Bimal Roy Bhanu Ai XPRT

Are you keeping up with the Regulator?

Not many things in life are certain, but in the financial services industry it’s obvious to all participants that regulators are continually tightening the national and international governance, risk and compliance requirements. The ultimate aim for Read more »

Gemma Doswell Paybase

Retaining Buyers and Sellers Is Easy, Right?

So, you’ve launched your own online marketplace, gig economy or sharing economy platform. What’s next? You need to attract users and, more importantly, retain them. But it’s actually one of the biggest challenges for a platform business to overcome Read more »

Gemma Doswell Paybase

What’s the deal with IR35?

In what feels like an ever-changing regulatory landscape, IR35 is yet another addition to the evolving contract/freelance/off-payroll space. But, as we firmly advocate at Paybase, regulation should not be looked at as a deterrent. It’s put in place Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel