Amidst growing concerns around the safety of personal data from identity theft, cyberattacks, hacking or unethical usage, the European Union has introduced new legislation to safeguard its citizens. The EU General Data Protection Regulation (GDPR) aims to standardise data privacy laws and mechanisms across industries, regardless of the nature or type of operations. Most importantly, GDPR aims to empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information. All organisations must ensure compliance by 25th May 2018.
Financial services firms usually require the collection of large amounts of customer data, which is then collated and used for various activities such as client or customer on-boarding, relationship management and accounting. During these processes, customer data is exposed to a large number of different people at different stages, which is where GDPR comes in.
What does the introduction of GDPR actually mean for financial institutions and which areas should they be focusing on?
Four key areas of the GDPR legislation that will impact the sector:
– Client consent
– Right to data erasure and right to be forgotten
– Consequences of a breach
– Enhancing privacy
Given the wide reach of the GDPR legislation, there is no doubt that financial organisations need to re-model their existing systems or create newer systems with the concept of ‘Privacy by Design’ embedded into their operating ideologies. With the close proximity of the compliance deadline – May 2018 – firms must do this now.
Failing to do at least one of the following now will not only cause financial pain in the long run, but also erode client confidence: a) identify client data access and capture points, b) collaborate with clients to gain consent for justified usage of personal data, or c) remediate data access breach issues.
– ICO Registration
– Introduction to GDPR
– Personal & Sensitive data
– Lawful basis
– Data Transfers and Sharing
– Data Breaches
– Record keeping
– Staff Training
– Cyber Liability cover
Please note, if you become a member of the Excelsior Worldwide network as an individual Excelsior representative adviser then compliance will be provided to you at no cost.