Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .



map of the world - Global Banking | Finance

With a quarter of businesses in finance and accountancy sector totally unaware of the EU General Data Protection Regulation we interviewed John Culkin, Director of Information Management, Crown Records Management to find out about the regulation and what financial businesses can do to prepare.

John Culkin

John Culkin

The EU General Data Protection Regulation is back in the news after EU politicians met on June 24 to begin the ratification process. What is the update for the banking and finance sector?

The update is that we are edging nearer to an agreement after ‘trilogue’ discussions between the EU Commission, European Parliament and the Council of the EU got underway. Another meeting is planned in July and the stated aim is to ratify the Regulation before the end of 2015, under the current Luxembourg presidency. Whether that will be possible remains unclear. But I think we can be pretty certain that the general principles behind the Regulation are already agreed and that businesses should start to prepare.

Can you sum up exactly what the EU General Data Protection Regulation is and why is it being brought in?

The EU wants to reform data protection and cut red tape for businesses across Europe by bringing in a single set of rules. In future there will be one single Data Protection Authority (DPA) responsible for each company, generally reflecting where its headquarters are based. The Regulation also aims to protect the rights of European citizens to have control over their personal data.

Who will it affect?

Any business that operates from within the EU, does business with companies inside the EU, stores its data in EU member countries or handles the personal data of European citizens.

Having written white papers on the subject, what is your gut feeling around how well prepared the industry is for the changes that lie ahead?

I think there is reason for concern because many businesses in the UK and in particular in the finance sector are either unprepared or even in some cases unaware of the changes.

At Crown Records Management we recently commissioned a Census wide survey to assess what people knew about the Regulation and what they were doing to prepare for it.

The sample was 407 IT decision makers in companies with at least 200 employees, so it was significant; and the results were interesting.

A frightening 22.8 per cent of respondents in the finance sector admitted they knew nothing about the new Regulation, for instance.

Some other headline figures were that almost 50 per cent of companies in the finance sector said they weren’t yet planning to review policies ahead of the new Regulation.

Almost 60 per cent do not yet have plans for staff training – and a quarter are planning to wait for the Regulation to come in before deciding what to do.

A quarter of respondents being unaware of the Regulation is a big figure when you consider it could be ratified in the next few months. Did it surprise you?

No, I don’t think the results surprised us but they did indicate very clearly that many businesses in the finance and accountancy sector are leaving it dangerously late to prepare for the new Regulation and are worryingly uninformed.

You do wonder if people have grasped the enormity of what lies ahead. Around 38 per cent of respondents in the finance sector said they were either not concerned or only ‘quite concerned’ about the changes.

But for people to say they are ‘not concerned’ means they are not concerned about potential fines of 100m Euros, or five per cent of global turnover.

The important question is not just whether businesses are worried or not, but whether they are being proactive and taking early action to prepare.

How does the banking and finance sector compare to others?

It certainly isn’t leading the way according to our survey results. In the legal sector, for instance, only 8.7 per cent were unaware of the new Regulation. Those in the public sector, facilities management and retail sector were also better informed.

It’s not to say the industry as a whole is in the dark because many companies are well prepared and on the ball; but certainly there is room for improvement.

Almost 50 per cent of companies in the finance sector said they weren’t yet planning to review policies ahead of the Regulation, almost 60 per cent have no plans for staff training.

Compare that to the facilities management sector where 60 per cent are already training staff, or to the insurance sector where 60 per cent are reviewing policies, and you can see there are considerable differences between sectors.

How much time should businesses leave to get ready for the Regulation?

There are many aspects of preparation which take time. Undertaking an information audit is just the start. Processes may need to be updated following that audit. Companies may need to employ a Data Protection Officer – and the good ones will be in demand. Training staff can take considerable time, too.

But it’s not all negative. I think companies need to wake up to the commercial benefits of complying with the new Regulation early, too. Consumers are going to be attracted to businesses that comply.

It is too easy to say that 2017 is a long way off or that, with the final details not yet confirmed, there is time to take stock. The reality is that time is short and the changes required significant; so the time to act is now.

What will be the most challenging aspects of the Regulation?
With so much focus on how the data of European citizens is stored and handled, businesses will face a serious challenge to get their processes in order.

To begin with they will need the specific and freely-given consent of data subjects to collect data in the first place.  Data must be accurate and up to date. The policy of ‘privacy by design’ means data protection should be at the heart of all processes.

Citizens will have the right to view their data and ask for it to be edited. The ‘right to erasure’, which has already struck Google, will add further complications as companies will be expected to find and edit large amounts of data quickly – and will need processes in place for data subjects to make those requests.

The threat of data breaches will no longer be a concern only for data controllers but also for data processors as huge fines are introduced across the board.

The Regulation requires companies with more than 250 employees to appoint a Data Protection Officer. Smaller companies which hold more than 5,000 personal data records will have the same requirement. For many it may be more sensible to outsource this post; but the financial implications of the new Regulation will also be a concern.

What are the biggest concerns for the finance sector?

Respondents in the Crown Records Management Survey placed the difficulty of implementing the Regulation as the biggest concern, followed closely by the ‘right to erasure’, and the cost of implementation. Clearly there is work to be done to prepare in the coming months.


CRM Survey Infographic

Global Banking & Finance Review


Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post