-GDPR remains the priority but financial services also facing challenge from PSD2 and MiFID II-

How the financial services industry deals with customer data has become a major source of anxiety in recent months with the looming General Data Protection Regulation (GDPR) set to come into force in May 2018.

Coupled with that, the Markets in Financial Instruments Directive (MiFID II) is set to challenge the status quo on how financial businesses operate, while the EU’s incoming Payment Services Directive (PSD2) threatens to break the traditional banking model by opening up customer data.

Each one of these new regulations presents a challenge individually, but dealing with all three at once – and the contradictory nature of some of these new rules – means the financial sector is facing a three-pronged assault.

Of the three incoming regulations, however, GDPR is looking like the most pressing issue, with 52% of chief information security officers working in the finance sector making compliance an investment priority, according to data from Network Group Events’ 2017 Financial Services Information Security Network.

This is despite as many as 50% of companies affected by the regulation still not being fully compliant, according to research by Gartner.

There is no doubt that the finance sector is fully aware of GDPR regulations, but it will face tough challenges on the road to compliance, and recent cyber attacks such as WannaCry and Petya will have placed a renewed emphasis on data security.

DataRaze’s Commercial Director Steve Inglessis discusses how financial services firms can prepare ahead of GDPR – sharing some top tips and highlighting why GDPR is not a compliance burden but, actually, an opportunity.

Know where your data is

Knowing where your customers’ data is kept at all times is a major step to being GDPR compliant. Businesses are increasingly data-driven, using big data to understand performance and identify opportunities to improve. Nowadays, not only is the volume of data we create increasing – every day we create 2.5 quintillion bytes of data – but so too is its complexity.

This process typically involves a number of individual solutions, each collecting, managing and analysing data. While businesses benefit tremendously from this, it means that data is often scattered across a number of systems, from legacy hardware to cloud-based platforms. Consequently, it becomes difficult for the business to have a unified and holistic view of its data.

Traditionally, the view has been that more data equals more value, but this is not the case – it’s about data quality. Also, employees within the business might be using a variety of Shadow IT solutions (i.e. solutions outside of the business’ standard IT infrastructure) to manage data – making it harder for you to understand your current data procedures, as well as exposing your business to potential data security risks.

Taking the time to understand how your business captures, stores and processes data will help to streamline the process and standardise the systems you use. Taking these steps will enable you to assess current risk levels and develop an approach to GDPR-compliant data management.

Establish data governance framework

With data volume growing so fast – and GDPR quickly approaching – information management needs to change. Financial firms need to first establish a data governance framework, one that ensures that only the right, high-quality data is collected and for the intended purpose, and then proceed to carefully dispose of data which they do not need.

GDPR states that businesses can only capture data for the purpose for which it is required, meaning firms will not be able to record information other than that which is stated.

This will involve updating existing IT infrastructure and improving data security measures, moving to scalable cloud-based solutions to support more streamlined data management in line with new policies. It is vital, however, that legacy IT assets and data are completely destroyed, and financial firms need to be sure any data disposal is compliant with new regulations.

Enlisting the services of a professional, external data disposal firm could help with this and ensure any destruction is carried out professionally.

It is important to remember, though, that even if you outsource the data destruction, your company is still responsible if this isn’t carried out properly. Businesses should therefore make sure they obtain a robust chain of custody to ensure data is destroyed safely and correctly, and to avoid potential problems down the line.

Remember, good data governance is not just about the collection of high-quality data, but also having a robust, industry-compliant and risk-free data disposal method.

Protect your data and achieve transparency

GDPR puts increased accountability on data processors, and the controller/processor relationship becomes even more important. Many financial services firms share information with third parties, such as clients, suppliers, regulators or partners, but should one fail to protect that data in line with GDPR standards, the other will be held accountable too. To ensure ongoing compliance, financial services firms must have a handle on all of their existing data.

As that data is transferred to a third party, the interaction needs to be recorded and the third party must have a system in place that compiles clear and detailed reports on how the data is being used and interacted with. This includes data ownership, as well as access and data usage, and that information should be recorded in a central location.

Ultimately, taking the steps above will pave the way to ongoing compliance and will enable financial firms to increase efficiency and productivity. Companies which are able to demonstrate better compliance and data security will inevitably gain the trust of customers, as well as avoiding the fines and punishments facing them from May 25, 2018.