Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

Don’t Forget A Potential GDPR Blindspot – Subject Access Requests

David Jones

Published : , on

Some financial firms see GDPR as simply another data security challenge and are neglecting to adequately plan for the influx of Subject Access Requests (SARs), warns Nuxeo’s David Jones

 It’s now less than a month to go until the EU’s General Data Protection Regulation (GDPR) comes into force in the UK, legislation that alters the way all companies store and manage the personal data they hold on EU citizens.

Financial services firms that do not comply with GDPR requirements risk facing a hefty fine, and indeed that has motivated a lot of last-minute GDPR backfill work. Banks and financial service firms have been working hard to make sure they can identify all of the personal data stored within their systems and repositories, and to ensure this information is safe and secure.

But GDPR isn’t just about safeguarding personal and sensitive data, and just seeing the issue through that lens can be a real blind spot. That’s because it’s also about the ability to deliver this information to any EU citizen who asks for it. As with the old Data Protection Act (DPA) it replaces, any EU citizen can issue what is known as a Subject Access Request (SAR) to see what information firms hold about them.

However, there are significant changes your firm should be aware of. Under the DPA, organisations had to respond to a SAR within 40 days of receiving a written request. Under GDPR, this timeframe shrinks to 30 days. Plus, the previous nominal fee for this service is also being removed for all reasonable requests, making SARs free – which many commentators believe will result in an uptake in requests.

In order to comply with all aspects of GDPR, including the ability to manage the expected increase in volume of SARs in a shorter time frame than before, it’s vital that organisations have a strategy in place. And since the typical SAR demands a copy of all personal information, details of how it has been used, all the third parties which whom it has been shared, how long it has been stored, and details of any data breach — they are actually the perfect GDPR preparedness test. If you can respond thoroughly and within the deadline, congratulations – you’re compliant with the SAR component of GDPR!

If not, prepare for trouble. And not just from the regulator, but from the public. Possible PR ramifications are huge. According to the Information Commissioner’s Office (ICO), the largest number of data protection cases the ICO currently sees are complaints about mishandling SARs (46% in 2015/16 and 42% in 2016/17).

If one considers how quickly social media can inflame situations as well, financial services firms really will need to ensure they succeed in their SAR requirement.

It’s a delicate situation – and banks and insurance firms, who hold a huge volume of highly sensitive data on individuals and are in a highly regulated environment, will likely be in the firing line.

CSP: A Modern Solution to a Modern Problem Set

A Content Services Platform (CSP) approach could well be your new best friend when it comes to GDPR and SARs. That’s because a CSP means that firms managing Subject Access Requests can easily identify data residing within multiple/different information silos within their business, and are able to rapidly serve up this data as SAR requests are made, in an appropriate format and in a timely manner.

A Content Services Platform can also look at file systems for unstructured content alongside the enterprise systems it connects with, such as databases applications containing structured data. And when you consider how many data records could be involved here:

  • Complaints or customer service notes
  • Bank and insurance statements or related static data (e.g. the content of application forms)
  • Medical history (e.g. for life or medical insurance applications)
  • Car details and driving history
  • Work experience history and educational qualifications (e.g. to support a lending application)
  • Employee salary details, plus notes of employee disciplinary/grievance hearings
  • Telephone call recordings, CCTV footage – and more?

It’s clear that a centralised hub that connects structured data systems with unstructured content repositories, organisations benefit from a 360-degree view of GDPR related data, from which SAR specific information can easily be pulled, compiled, and delivered, could be extremely useful – both to improve the customer experience and deliver a better service to your customers a well as digitally transform, especially in a highly competitive environment with the fintech arrival.

It is impossible to predict how many SARs banks, building societies, insurance firms and others will receive when GDPR comes on stream. But given the way the Facebook and Cambridge Analytics scandals have raised the overall data privacy temperature, it’s sensible to be prepared.

Doing so means ensuring personal data is secure and can be quickly located and delivered upon request according to GDPR requirements. Make sure you have the right tools in place to manage SARs– else it could cost you a lot of blood, sweat and tears if you don’t act in good time.

The author is Director of Product Marketing at Content Services leader Nuxeo (www.nuxeo.com)

Uma Rajagopal has been managing the posting of content for multiple platforms since 2021, including Global Banking & Finance Review, Asset Digest, Biz Dispatch, Blockchain Tribune, Business Express, Brands Journal, Companies Digest, Economy Standard, Entrepreneur Tribune, Finance Digest, Fintech Herald, Global Islamic Finance Magazine, International Releases, Online World News, Luxury Adviser, Palmbay Herald, Startup Observer, Technology Dispatch, Trading Herald, and Wealth Tribune. Her role ensures that content is published accurately and efficiently across these diverse publications.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post