How the GDPR Affects the Banking Industry
The General Data Protection Regulation (GDPR), a European effort to regulate how entities that do business with people protect their personal information, went into effect on May 25, 2018, introducing a set of data privacy rules far more extensive than any previous regime. Its requirements are specific and strictly enforced, with fines ready to be levied in the event of a violation.
The GDPR affects organizations that obtain personal data from individuals, and the financial industry in particular is seeing a significant impact from the guidelines. Whether located in the European Union (EU) or simply processing and holding the personal data of data subjects residing in the EU, financial institutions find themselves at the center of this legislation.
“Banks are a repository for the private information covered in the GDPR,” said Herb Kelsey, Managing Director, Cognitive Strategies. “Many banks are multi-national and do quite a bit of their business in Europe. They have to pay attention to it.”
The goal of the GDPR is seemingly straightforward: to ensure proper data collection and storage that maintains the integrity and safety of private information. But the fine print may present challenges for banks and financial organizations. “It's a complicated regulation—it's not an obvious implementation,” Kelsey said. “Security leaders must look beyond the superficial elements—updating privacy policies, improving reporting procedures, etc.—to see that the technicalities are very unique and specific.”
Banks and financial institutions must work diligently to comply with the GDPR to avoid penalties that can reach up to 4 percent of a company's total worldwide annual turnover or €20 million, whichever is higher. Kelsey suggests that this compliance extends further than it appears on the surface, down to a company's business model. As the Internet has progressed over the years from an exchange of ideas to a venue for monetary transactions and transfers, an honest conversation must be had about how personal data is used.
As the latest technology innovations and security solutions increasingly rely on this data in analytic applications to mitigate fraud and improve efficiency, organizations will need to take a hard look at their processes to ensure the proper protocols are being followed. The GDPR also sets a specific timeframe for the handling and disclosure of data breaches: a personal data breach must be notified to the supervisory authority within 72 hours of the controller becoming aware of it, unless it is unlikely to result in a risk to individuals' rights and freedoms, a topic that has been widely discussed in recent cases.
While it may take some time for universal acceptance and compliance, Kelsey believes that the GDPR is long overdue: “This is a step in the right direction to ensuring that individuals who hold money in their accounts are comprehensively safe to do so.”
Matt Tengwall, “How the GDPR Affects the Banking Industry” Verint Connect (blog), July 18, 2018,