Are You Ready For The GDPR

December 12, 2017 05:00 AM


From May 25th 2018, all European Union member states will be required to comply with new rules that will have a significant impact on how all businesses based in the EU – as well as many organizations from other parts of the world – manage and use personal data.


The General Data Protection Regulation (GDPR) was developed with the intention of strengthening and unifying data protection for all people within the EU. It aims to restore control and ownership of personal data to the individual, while simplifying the regulatory environment for international business.


This regulatory change is expected to have a particularly pronounced impact on the financial services sector, given the large amount of highly sensitive personal data banks and financial institutions hold on their customers.


Three industry executives discussed this subject during a recent Marketforce webinar exploring the ‘regulation revolution’ in financial services.


Will Beeson, head of operations and innovation at the SME-focused CivilisedBank, said the new rules provide some “much-needed rigor and definition around the ownership of data”.


He pointed out that, in the past, businesses have acquired data on individuals and used it for their own gain, sometimes to the detriment of the customer. One of the things the GDPR will do is make it clear that people own their data, and businesses can simply request and store that information.


For financial services organizations, the focus going into 2018 should be on making the necessary preparations to comply with the GDPR.


“This is by far one of the biggest areas of focus for banks and financial services companies,” said Mr Beeson. “The penalties for getting this wrong are massive: four percent of global turnover, or €20 million, whichever is higher.”


It was also noted that the amount of work required to comply with the new rules will be different for every organization. For smaller, emerging banks and fintechs, GDPR compliance is likely to be an inbuilt component of their business, but larger institutions might require much more time and investment to update their data management systems.