How firms can recover the Holy Grail from GDPR
In this article, Scott Bancroft, Capco’s Chief Information Security Officer, discusses the five key steps businesses must take to gain from the General Data Protection Regulation (GDPR).
International Finance Jul - Aug 2018
In the run-up to the GDPR deadline on 25 May, many companies were largely struck by panic. This new EU data privacy law, designed to overhaul how businesses process and handle data, certainly presented some operational challenges for companies. However, as they joined the mad rush to comply or die, many financial services firms seemed to miss that getting GDPR ‘right’ could bring them opportunities that most have been seeking to fulfil forever - a single view of the customer’s data and effective information management in the digital age.
Getting a single view of all data held on a customer has largely become the ‘holy grail’ these days - allowing businesses to track their customers and communications across all marketing channels and, as a result, turn that data into viable business intelligence. While the big online retailers have been making a success of this for years, few businesses in financial services have. Why? Many haven’t had the financial impetus before, and their technology infrastructure hasn’t been up to it.
So how can GDPR facilitate this? Most recent financial regulations (such as MiFID II, Open Banking and GDPR) have elements of data privacy requirements that must be fulfilled. If companies manage GDPR compliance properly, they will spend significantly less time, effort and money on managing other regulations - and achieve a much-improved level of information management – irrespective of the type of information – in the process. This requires a unified and consistent approach to information throughout its lifecycle, not forgetting record management across the business, which with GDPR returns with a vengeance. Under GDPR, unused or ‘stale’ data must now be disposed of, thus giving companies the ability to properly respond to data subject access requests and perform defensible disposition.
Here are my tips on how you can discover the Holy Grail:
1) Assess your existing ‘maturity’ in terms of GDPR compliance… and identify any gaps.