General Data Protection Regulation (GDPR)

Capital Markets

GDPR compliance will be the top priority for Financial Services organizations in the EU as regulators across EU will impose hefty fines for non-compliance of data breaches. Till date Financial Services organization were having control of individuals personal data which will now drastically change and the control is shifting in the hands of the individual wherein if the personal data is not treated currently they would have rights to take legal actions against the organization for which the financial services organization has to thoroughly understand the regulation, its objective and the risks involved for its organization. Based on our past experience in implementing complex regulations we feel the financial services organization should consider the following pointers for GDPR readiness across the organization.

  • Individuals will provide consent before their personal data can be used, and they can revoke that consent at any time. Moreover they can request erasure of any or all of their personal data for which the FS organizations need to have clear understanding where the data is stored, what type of data is stored, core sources of data, who within the organization has access to the data, ensure data duplication/ accuracy are taken care well in advance before it is stored in any repository
  • Sharing and receiving data from the third parties are daily routine workouts in FS organization. Organization must have proper due diligence with respect to data protection and understand the risk inherent in sharing and receiving the data from the third parties
  • FS organizations has to adopt data protection and privacy management into its overall business strategy across the organization
  • Right of Data Minimization: A processor can use an individual’s personal data only if it is necessary for the specific purpose. For example, using the minimum data required
  • Investment needed in Data Infrastructure and governance modernization which will entail to identify all of the data elements w.r.t a particular individual across the organization quickly
  • End to end approach towards agile privacy and data protection strategy needs to be in place for processing personal data origination from the EU
  • Mandatory appointment of Data Protection Officer (DPO) as FS organizations uses high volumes of personal data for which DPO will be responsible for complying with Data protection Laws and could be personally liable for non-compliance
Display Title/Subheader?
On
Contact Form
On

Let's Talk About Your Needs

Thank you for your submission. We'll be in touch.