THE COUNTDOWN IS ON: TIPS AND TRICKS FOR GDPR COMPLIANCE

By Olivier Van Hoof, pre-sales manager, UK, Collibra

Mid-summer is traditionally a slow period in business activity whilst everyone has a chance to rest and recharge the batteries in time for the pre-Christmas rush. For those of you who are responsible for data within your organisation, this quiet period is most likely taken up with ensuring your organisation is taking the right steps to achieve compliance with GDPR in time for the May 2018 deadline. Now is the time to take stock and make sure you have a clear view on what individually identifiable data you hold and what you are doing with it and ensure you have policies in place, aligned with GDPR, to govern that data.

Those in financial services have a slight advantage over other sectors, in some respects, as they are used to adhering to a myriad of rules and regulations in order to do business. Other sectors such as retail or media could struggle as they are not as experienced in handling complex regulations and regulators. However, there’s still time to create and implement a thorough GDPR-compliant data governance program. Do not be complacent and do not underestimate the efforts required to be compliant with the regulation. The intricacies involved in GDPR, such as updates to the privacy laws which were determined in an age when the internet was non-existent, are one of the reasons it’s a much-needed regulation. Here we examine some of the best ways to approach GDPR and what should already be happening.

Readiness

Anyone would be forgiven for having stuck their head in the sand in the lead-up to May 25th 2018. The enforcement deadline has seemed a long way away, but with less than a year to go, it is now critical to ensure readiness.

One of the many operational issues any organisation will have to deal with once GDPR comes into effect is the individual’s right to ask where their data is, how it’s being stored and how it’s been used. From a data governance point of view, many businesses are not ready to meet these requests for data access. As legacy IT has been updated, cloud solutions implemented and acquisitions made, most organisations find themselves with multiple, disparate data repositories, which makes it very difficult to view one person’s entire data landscape within an organisation. Beyond legacy systems, there is also the very real problem of Shadow IT, which many analysts estimate at anywhere between 30-50% of IT spending, and which is by definition not governed and in many instances will contain individual data relevant in the GDPR context. Organisations need to take control, and this is where the need for tools to simplify the process arises. One area of focus in tooling for GDPR is data mapping, which is fast growing in popularity as it provides transparency into the individual data in the organisation’s landscape and can provide context for data within GDPR.

End goal

As with any large scale program, it is vital to understand what ‘good’ looks like, and what a successful end goal is. Some of the basics include a thorough data governance programme, understanding what data will be used for, establishing best practices and regular auditing to prevent data breaches, losses or leakage.

A universal goal for every organisation is a process for reporting a breach: as of next May, organisations of all sizes will have 72 hours in which to report a breach to the local data protection regulators. Fines for non-compliance are as steep as 4% of total revenue or €20 million, whichever is greater. Above and beyond the regulator fines, it is the impact of data breaches on reputational risk that acts as a significant driver. Considering company headlines such as the TalkTalk hack and the resulting loss of customers, share price and standing, it is easy to see how losing customer trust can have a significant impact on business. It is up to the data compliance officer, or the person who has responsibility for data use and movement within an organisation, to map out what ‘good’ looks like and determine a way to achieve the end goal in a way which is GDPR compliant.

Rebuilding trust

Many organisations are currently viewing GDPR as a box-ticking exercise and a regulatory burden rather than an opportunity to build customer trust. The age in which big business can treat consumer data as its own property without any consideration for the individual is gone. GDPR represents an opportunity to build better internal processes and reassure customers that a company is appropriately storing and handling their data. The regulation should force organisations to re-examine how much data they are collecting and drive the streamlining of that data process. Only collect and hold what you need: in the GDPR context, this is privacy by design.

We expect to see the collection of data change as regulations around its purpose are established and processes become more efficient. Ultimately a level of transparency will build customer faith that their data is being used and stored appropriately. This will bring multiple benefits: happy customers, a stronger stock price and a better market reputation.

Time to implement

Regardless of where an organisation is on its journey to GDPR compliance, this calm mid-summer period is a good time to take stock and ensure everything is in hand ahead of the May 2018 deadline. While the finance sector has an advantage, it is vital for all impacted organisations to understand how ready they are and develop a thorough map of what data is stored where, and how that data is being used. Consider implementing tools to carry this administrative burden as this will speed up and simplify the process.

It is vital to understand what the end goal is: what does a good GDPR-compliant program look like for each organisation? It will be different for everyone, depending on what data is stored, and how and where it is stored. Each step taken towards GDPR compliance will help organisations to build and nurture customer trust. GDPR compliance shouldn’t be viewed as a tick-box exercise, but as a way to develop a thorough understanding of your data landscape and security needs and how to best service your customers.