We speak to ITProPortal about the new tech that solves GDPR for banks

Loom­ing on the hori­zon for fail­ing to com­ply is a dark cloud of sig­ni­fic­ant fin­an­cial pen­al­ties, we speak to ITPro­Portal about plan­ning for GDPR.

Data pri­vacy is driv­ing the European Union’s Gen­eral Data Pro­tec­tion Reg­u­la­tions (GDPR) in the UK, and yet it’s widely felt that banks and other fin­an­cial ser­vices insti­tu­tions have run out of time to find to com­ply with the require­ments. Loom­ing on the hori­zon for fail­ing to com­ply is a dark cloud of sig­ni­fic­ant fin­an­cial pen­al­ties. Ashton Young, writ­ing for Data Centre News on 26th July 2017 in his art­icle ‘Major­ity of Organ­isa­tions Think They’re GPDR Com­pli­ant Actu­ally Aren’t’, says a global study by Ver­itas says the fines that could be imposed for non-compliance could be up 4 per cent of global annual turnover or 20 mil­lion euros – whatever is the greater.

This is deliberate and removes the ability of organisations to argue that paying a small fine (typically the level issued by the Information Commissioner’s Office) is cheaper than following with the law. The ICO now has no excuse but to start enforcing the data protection regulations as it should have done under the earlier régime. Parliament will need to hold the ICO to account if it does not enforce the régime properly.”
- Lars Davies, CEO Kalypton

Most bank­ing and fin­an­cial ser­vices com­pan­ies are woe­fully behind” says Dav­ies. He adds: “Actual fig­ures are hard to come by, but the media is begin­ning to high­light the issue. See, for example Busi­nesses fail­ing to pre­pare for EU rules on data pro­tec­tion’, The Fin­an­cial Times, 18 June, 2017.” He also high­lights a report in Risk.net, whose art­icle head­line and stand­first com­pare the demands cre­ated by GDPR to “boil­ing the ocean”, claim­ing that GDPR’s data demands are over­whelm­ing the banks. It adds: “Re-papering of exist­ing con­tracts could stretch bey­ond May 2018, for­cing deal­ers to rely on reg­u­lat­ory forbearance.”

Top tips: Tech deployment

To assist banks and fin­an­cial ser­vices organ­isa­tions to com­ply with GDPR, Dav­ies and Thomas offer 6 top tips for deploy­ing new tech­no­logy to solve GDPR and to pro­tect data privacy:

1. Read the regulation.
2. Stop mak­ing excuses.
3. Under­stand that you can­not derog­ate your respons­ib­il­ity to sup­pli­ers or third parties.
4. Make sure that the tech­no­logy you imple­ment does not require the use of a reg­u­lat­ory sandbox.
5. Make sure that your sup­pli­ers under­stand the require­ments of the GDPR.
6. Meas­ure the ROI of this effort in terms of not just react­ive com­pli­ance but in devel­op­ing a dif­fer­en­ti­ator of trust.

Dav­ies then con­cludes: “This late flurry of activ­ity to meet a reg­u­la­tion driven dead­line is typ­ical of the fin­an­cial ser­vices industry. The industry really needs to get out of a react­ive mode of oper­a­tion and into a mode of oper­a­tion that pro­act­ively con­siders secur­ity and pri­vacy from the bot­tom up.” He also finds that there is an increas­ing “acknow­ledge­ment that fin­an­cial ser­vices com­pan­ies are really tech­no­logy com­pan­ies and that data is their biggest asset.”

So, in his opin­ion the object­ive has “there­fore to be the trus­ted holder of sens­it­ive cus­tomer data. This con­trasts sig­ni­fic­antly with the busi­ness model of the likes of Google and Amazon, who provide loss-leading ser­vices to cap­ture that data and mon­et­ise it.” At the end of the day, trust is a vital part of compliance.

Click here to read the entire art­icle on www.ITProPortal.com