Payment Eye Magazine: New tech solves GDPR

The Veritas GDPR 2017 Report surveyed 900 business decision-makers across 8 significant countries, and despite 31 percent of the respondents believing that they are already compliant, Young says the study shows that they aren’t compliant with GDPR.


Data privacy is driving the European Union’s General Data Protection Regulations (GDPR) in the UK, and yet it’s widely felt that banks and other financial services institutions have run out of time to find ways to comply with the requirements. Looming on the horizon for failing to comply is a dark cloud of significant financial penalties. Ashton Young, writing for Data Centre News on 26th July 2017 in his article ‘Majority of Organisations Think They’re GDPR Compliant Actually Aren’t’, reports that, according to a global study by Veritas, the fines that could be imposed for non-compliance could be up to 4 percent of global annual turnover or 20 million euros – whichever is the greater.

“This is deliberate and removes the ability of organisations to argue that paying a small fine (typically the level issued by the Information Commissioner’s Office) is cheaper than following the law. The ICO now has no excuse but to start enforcing the data protection regulations as it should have done under the earlier régime. Parliament will need to hold the ICO to account if it does not enforce the régime properly.”
- Lars Davies, CEO Kalypton

“Most banking and financial services companies are woefully behind”, says Davies. He adds: “Actual figures are hard to come by, but the media is beginning to highlight the issue. See, for example, ‘Businesses failing to prepare for EU rules on data protection’, The Financial Times, 18 June, 2017.” He also highlights a report in Risk.net, whose article headline and standfirst compare the demands created by GDPR to “boiling the ocean”, claiming that GDPR’s data demands are overwhelming the banks. It adds: “Re-papering of existing contracts could stretch beyond May 2018, forcing dealers to rely on regulatory forbearance.”

New tech design

Despite this issue, he feels that new technology can help organisations to comply with GDPR, but it needs to be well-designed technology with data privacy in mind: “Most ‘new tech’ is new technology for the sake of it. To be classed as a solution, it needs to solve a problem. To solve a problem, that technology needs to be designed to meet the legal requirements, operational requirements, and technical requirements that pertain to that problem.”

“That is why we designed Tereon to provide distributed trust in private ledgers rather than DLT”, he says before elaborating: “The customer data is held only in the ledgers of their financial services provider. The audit trail relating to that data is shared widely so that the integrity of that data can be validated without having to expose the data or even the data traffic itself.”

Structured consulting

Alun Thomas, an investor in Kalypton, believes that GDPR compliance needs to be a structured consulting process that is supported by new technologies. “The argument is that if you manage the data cycle correctly: capturing it, maintaining it with control of access and authenticity and then destroying it, then the problem, be it MiFID or GDPR or whatever, is solved”, he claims. He believes that there is too much following the leader in Fintech, and so he thinks it’s important to go back to first principles to deliver tools that permit a radical change. When people jump on a bandwagon, there is no room for innovation and no space for improvement. All that you get is hype.
