Seven questions and seven issues finance directors must consider about GDPR

Dean McGlone

Sales Director at V1


07.12.2017 10:00 am

Less than six months from now, in May 2018, the General Data Protection Regulation (GDPR) replaces the current Data Protection Act. Described as the ‘biggest shake up’ of data protection laws for 20 years, the new rulings will change how organisations store and use personal data, while extending the responsibilities of organisations to protect it. Are you prepared – indeed, do you see this as relevant to you?

Achieving GDPR readiness requires organisations to reliably bring together all personal data held in the various documents and emails spread across disparate systems, network folders and, worryingly, sometimes still in paper-based storage. It goes without saying, then, that finance directors will need to be extremely vigilant to ensure they meet the new regulation.

However, it’s not all gloom and doom. This also represents a major opportunity for financial directors to transform their approach to privacy, harness the value of data, and ensure their organisation is fit for the digital economy. Now is the time to review current technologies and decide whether they will be fit for purpose come May.

Seven questions finance directors should be asking themselves now:

1. Can you easily find documents?

2. Are they all in one location?

3. Do you know how many copies of the data exist?

4. Do you know how long each document should be kept for legal reasons?

5. Can document access be restricted?

6. Could documents get into the ‘wrong hands’?

7. Are you easily at risk of a security breach?

An automated document management system (DMS), which stores, manages and tracks electronic documents and electronic images of paper-based information, will help finance departments meet GDPR compliance requirements by providing traceability on all documents. It can help with a range of issues the regulation will throw up, for example:

The right to be forgotten

With paper files, first locating and then erasing all data on an individual is a time-consuming and difficult task. Information could easily be spread over many different sites and locations, and be duplicated or even lost. Using a document management system means all files are stored in one location, and finding and erasing the relevant ones is a much simpler and more efficient process.

Data retention

Under the new GDPR rulings, organisations should only keep personal data for as long as is necessary, and for the purpose for which it was obtained. It’s therefore prudent to introduce new best-practice processes so that documents are kept only for the statutory period and then automatically removed. This means finance directors must regularly ‘prune’ data, which can be a tricky and time-consuming job without the right systems in place.

Consent

Consent rights have been strengthened for individuals under the GDPR. Of critical importance to finance professionals will be that organisations must not only be able to prove they obtained an individual’s permission to store and use their data, but also provide electronic copies of private records on demand. This will be a difficult ask for organisations without the right systems to manage the process.

Privacy by design

The GDPR also talks about ‘privacy by design’, whereby data protection is hardwired into the processes and behaviours of the organisation. A DMS can help ensure everyone is working in the same manner and to the same procedures, and can also show strong compliance by evidencing all communications and involvement with a client, as well as controlling who has access to what data.

The right to access

Under the GDPR, individuals have the right to access their personal data. The information must be provided to the individual using ‘reasonable means’ and within one month of receipt of the request. Using a DMS means information is stored in one place, can be easily accessed, and can be efficiently sent to the individual within the set timescale. All user actions within a DMS have audit trails and documents cannot be accidentally deleted, providing confidence that the right data can easily be passed on.

The right to data portability

This allows individuals to move, copy or transfer personal data easily and securely from one IT environment to another. Fulfilling such a request is made easy using a DMS: all the information can be quickly located, retrieved and sent on within the set timescale in an approved format.

Breach notification standards

The GDPR introduces a duty on all organisations to report certain types of data breach to the relevant authority, and in some cases to the individuals affected, within 72 hours of becoming aware of the breach. A breach can be identified and reported promptly using a DMS, something that is nearly impossible to do when dealing with paper documentation in various locations.

Preparation for GDPR is a company-wide responsibility and frankly will affect every department in the organisation. There is no room for complacency. May 2018 is not far away and, with considerable work to be done by the majority of organisations, it’s vital finance directors get on the front foot now.