24 January 2018
Stuart Lacey


Stuart Lacey - Trunomi


Two years to comply: how to meet incoming EU Data Protection Regulation

07 June 2016

There are now less than two years until the General Data Protection Regulation (GDPR) comes into force. It will fundamentally change the way that companies capture, manage and store information.

 Three significant reforms within the legislation will force institutions to overhaul their existing systems and processes:


  1. Informed consent
  2. Data portability
  3. The right to be forgotten


Under the new regulation, every financial institution that collects, processes or shares an individual’s personal data will need to gain their 'freely given, specific, informed and unambiguous' consent. 

Institutions have to consider the need to capture the consent they gain in an auditable workflow. Undertaking this with anything other than an automated, secure, digital communication link with the customer would be a huge administrative and compliance burden.

New rights beyond consent

The legislation’s interpretation of ‘Right to be Forgotten’ stipulates that consent should not be regarded as freely-given if the consumer or entity has no genuine and free choice and is unable to refuse or withdraw consent without detriment. 

The final significant component of GDPR – Data Portability – enables the customer to both share and rescind data on a case-by-case basis. When the GDPR comes into force in two years’ time, customers will be able to request copies of their personal data in a usable format that they can transmit electronically to another processing system.

A ‘customer-driven’ approach to information sharing is becoming increasingly attractive to financial institutions grappling with this new privacy agenda. Firms are exploring digital rights management services that create a digital ‘vault’ for customers to store their personal data. 

The cost of non-compliance

The GDPR will impose a significant financial penalty of 4 percent of annual global turnover or €20 million, whichever is greater. 

In today’s climate of increased legal scrutiny and reputational vulnerability, it is unthinkable for an organisation not to make every effort to reduce corporate risk and eliminate liability, especially in relation to global data protection challenges.

The need for effective digital user experiences is clear: technology can improve efficiency for the bank; provide an auditable trail and clear proof of consent for regulators; and build loyalty and trust for customers.

Consent governed by the EU General Data Protection Regulation will be enforced in just 24 months. The clock is ticking. While 2018 may seem a long way away, legacy processes aren’t overhauled overnight.

We've written more on GDPR at www.trunomi.com

