Banking - General Data Protection Regulation (GDPR)
Current fiscal will be challenging at the same time interesting for the market players as globally new and emerging technologies are disrupting and transforming traditional trade practices. In parallel for Europe, a deadline is approaching (25 May 2018) for implementation of a new regulation on data protection that will contribute to this transformation for anyone doing business within the European Union (EU). The General Data Protection Regulation (GDPR), the European Parliament and the European Commission intend to strengthen data protection for all individuals within the EU. Non-compliance can lead to a fine of up to 4% of the annual global turnover of the organization. The GDPR includes a number of provisions affecting digital identity governance that provide individuals with control over their personal data. Key provisions are:
- Right to Consent: Individuals must provide consent before their personal data can be used, and they can revoke that consent at any time.
- Right to be Forgotten: Individuals can request erasure of any or all of their personal data
- Right to Portability: Individuals have the right to receive the personal data they previously provided to a processor in an easy-to-use digital format and transmit the data to another processor.
- Right of Data Minimization: A processor can use an individual’s personal data only if it is necessary for the specific purpose. For example, using the minimum data required.
GDPR compliance is a top priority for organizations in the EU. In addition, many organizations are keen to adopt the emerging blockchain technology. While there are benefits to both, blockchain technology has the potential to disrupt operating models when viewed in conjunction with GDPR compliance.