Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

GDPR: Is time running out?

GDPR: Is time running out?

By Ian Kilpatrick, EVP Cyber Security for Nuvias Group

The General Data Protection Regulation (GDPR) will overhaul how organisations store, secure and manage their customers’ data.  EU citizens will have extended rights that include the right to know what information is held about them, the right for that data to be removed, the right to data portability, and the right to be informed if there is a data breach. This data is known as PII (Personally Identifiable Information).

Alongside that, the Network and Information Systems (NIS) directive applies to operators of essential services, such as water, energy, transport and health providers and is aimed at ensuring they safeguard data against cyber-attacks. Like GDPR, the penalties for non-compliance are extremely high.

Yet according to research published this year by the Department for Digital, Culture, Media and Sport (DCMS), only 38 percent of UK businesses said they had heard of GDPR – and among those that are aware of it, only a little more than a quarter have made any changes in readiness for the new regulations. However it’s not too late to do something. The authorities know compliance is an ongoing process, and want to see organisations showing willingness to comply.

Understanding the data assets your organisation collects, holds and processes is the essential step in the planning stages to GDPR readiness. Once you have identified all the data types and sources you hold, you need to understand where it is stored and who can access it. Printed copies should be securely stored, with regular reviews to ensure the copies are still required. If not, securely destroy them.

Electronic storage within a structured database should be relatively easy to recognise, maintain and protect. The larger problem is unstructured data and knowing where PII, or personally sensitive information, is stored. Data discovery tools can search all mappable drives to find sensitive files (.docx, .xlsx, .pdf’s etc) that may contain the data that you are searching for – e-mail addresses, phone numbers, credit card details, National Insurance numbers, etc.

Once you know where your un-structured sensitive files are stored, move them to a central repository from which you can defend access. Set up processes and procedures to be able to respond in a timely fashion to Data Subject Access Requests (DSARs). Finding a Citizen within your paper records will require a physical search. Finding a Citizen within your CRM or other database  should be accommodated from the application. The same tool that helped your organisation find sensitive files, ought to discover specific subjects within un-structured data, allowing an organisation the ability to respond to DSARs within the 30 days prescribed.

 

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post