With the deadline for the new EU General Data Protection Regulation (GDPR) approaching fast (May 25th 2018), many organisations are struggling to define their requirements and assess the operational impact the changes will have on their data governance programmes.
Banks with EU customers and employees will need to align their GDPR programme with their overall data management capabilities and identify overlaps and gaps.
The Challenges
- Distinguishing the operational regulations from the data regulations
- Assessing how GDPR compares with current data privacy and data security regulation
- Determining the impacts of GDPR on data content management, data access, data governance roles and responsibilities, communications and data lifecycle management
- Determining what constitutes personal, professional and private data as these concepts are not clear in the regulations
- Ensuring that client consent for data collection has been acquired and can be reviewed
- Managing structured and unstructured data (e.g. documents). Under the new legislation, organisations must be able to identify any database or document containing personal information of a data subject and be able to provide an index of that data to the customer upon request
- Inability of underlying systems to trace specific pieces of data to fulfil customer requests or audits
- Identifying, monitoring and accessing personal data from a broad range of systems and platforms
- Responding to the requirements of the Data Protection Officer (DPO)
The Brickendon Solution
- Prepare the data-collection and maintenance processes for handling, managing and using the data appropriately
- Ensure the capabilities to provide full data-lineage analysis
- Augment existing, and where necessary build new, systems for managing, tracing, and controlling data and its use throughout the organisation
- Determine early what the organisation’s current capabilities are, including whether it can:
  - Identify in-scope customers
  - Determine where personal data is stored
  - Access the required data
  - Remove the relevant data (assuming this does not break other existing regulations)
  - Identify a data breach
  - Report a breach appropriately
  - Demonstrate compliance
- Design workflows that leverage existing processes to solve the issues associated with GDPR compliance
- Ensure the key people within the organisation know about the changes that GDPR will bring to the organisation
- Start the preparations as early as possible
Client Benefits
- Competitive advantage – by getting an early start on the process, banks can be ahead of the curve and use this to attract new, and retain existing, clients
- Regulatory compliance – failure to comply can result in fines of as much as 4 per cent of global turnover, or €20 million, whichever is greater, as well as significant reputational damage and the potential loss of business
- Assurance that all the data held is subject to the correct scrutiny and held for the right reasons
- A strong structure which can efficiently and quickly respond to all data-related requests, whether from the regulator or a client
- Well-placed to respond to future data regulations (the EU GDPR only applies to data identifying EU citizens but other countries are expected to follow suit with similar data privacy regulations in the future)