Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Top Stories > EU regulation to place new requirements on financial organisations

EU regulation to place new requirements on financial organisations

Published by Gbaf News

Posted on March 1, 2013

4 min read

Last updated: January 22, 2026

Business professional reviewing payment service providers for secure transactions - Global Banking & Finance Review — An expert analyzes options for payment service providers in a business setting, emphasizing the importance of security and compliance in transaction processing.

By Iain Chidgey, Delphix

Iain Finance, probably more than any other industry, will find itself under the scrutiny of the EU if a new data privacy regulation is implemented. As it announced a few weeks ago, the European Commission is on track to create a set of rules that will govern how companies handle personal data, and if executed, the regulation is expected to be adopted by all countries within the next 12-24 months. Any company that deals with customer records, national insurance numbers, passwords, credit card details,or any other personal information will have to comply. For those caught unprepared, there could be some significant repercussions.

The EU regulation aims to prevent breaches, requires full and immediate disclosure when they happen, and enables customers to request that their data is moved from one organisation to another. It will also place restrictions on who can access personal information. Whilst financial organisations are already heavily regulated and have many restrictions in place, the EU regulation will go further. In its initial reply to the regulation proposals in March 2012, the British Bankers’ Association (BBA) wrote that the laws would be ‘difficult to work with in practice, will be unnecessarily burdensome to business and will provide little or no additional benefit to individuals.’

One of those burdens would be a requirement to mask all private data unless it is absolutely essential that it is accessible to the employee or the third party accessing the data. The impact would be felt across the whole organisation as it finds itself limited in how it can share information internally.

Being able to access and move data within the organisation is absolutely essential to the running of any business. Data sets are required to run business analytics, market reports and risk analysis, as well as develop new products.Copies of data need to be created for backup, training and disaster recovery, and that’s why an average organisation holds 8-10 copies of each live database. Often personal information is held within this data.

Why does that matter?

Under the proposed regulation, every piece of personal information will have to be masked unless it is absolutely necessary to keep it exposed. This will include every original database and every copy that is made. Any time a new copy is requested by an analyst, a developer, or the IT department, it will have to be masked.The new practice could put a new strain on already maxed out IT resources. Everything could take more time or make certain processes not feasible because of the associated cost.

I recently heard from a leading UK bank that it estimates it spends up to 50% of its time just moving data around to service the business. If there is now a requirement to mask all of this data first, then the time involved could mean banks find themselves having to employ more people and incur more cost just to complete simple tasks.

The industry needs technology that will allow this process to be automated and therefore cut costs and improve efficiency.

Several banks and other financial organisations have already adopted new technologies such as database virtualisation where masking is done once in the live database, meaning each virtual copy is automatically masked. When a virtual copy is made it retains the characteristics of the original database including the masking of data, saving IT the time and resources that would be otherwise spent on masking each individual copy.

If passed, the EU regulation could make organisations with unprepared IT departments less competitive. Developers could find themselves waiting longer for a new copy of a database, analysts wouldn’t have the latest data to work with, and overall the organisation would move at a slower pace because it would be bogged down by masking data. There is still time to make sure you are not one of them.