With fewer than 200 days until the deadline to comply with GDPR, Brickendon takes a look at how the legislation will affect the financial services industry.
Amid growing concerns surrounding the safety of personal data from identity theft, cyberattacks, hacking or unethical usage, the EU has introduced new legislation to safeguard its citizens. The EU General Data Protection Regulation (GDPR) aims to standardise data privacy laws and mechanisms across industries, regardless of the nature or type of operations.
Most importantly, GDPR aims to empower EU citizens by making them aware of the kind of data held by institutions and the rights of the individual to protect their personal information. All organisations must ensure compliance by May 25, 2018.
While banks and other financial firms are no strangers to regulation, adhering to these guidelines requires the collection of large amounts of customer data, which is then collated and used for various activities, such as client or customer onboarding, relationship management, trade-booking and accounting. During these processes, customer data is exposed to a large number of different people at different stages – and this is where GDPR comes in.
So, what does the introduction of GDPR actually mean for financial institutions, and which areas should they be focusing on? Brickendon’s data experts take a look at five key areas of the GDPR legislation that will have the biggest impact on the sector.
- Client consent
Under the terms of GDPR, personal data refers to anything that could be used to identify an individual, such as a name, email address, IP address, social media profile or social security number. By explicitly mandating that firms gain consent from customers about the personal data that is gathered – with no automatic opt-in option – GDPR ensures individuals know what information organisations are holding.
Also, in the consent system, firms must clearly outline the purpose for which the data was collected and seek additional consent if they want to share the information with third parties. In short, the aim of GDPR is to ensure customers retain the rights over their own data.