22 May 2018
Stuart Lacey


Stuart Lacey - Trunomi

7Posts 55,400Views 0Comments
Finextra community

Financial Services Regulation

This network is for financial professionals interested in staying up to date on financial services regulation happening anywhere in the world. CFOs, bankers, fund managers, treasurers welcome.

Brexit Notwithstanding: GDPR Means GDPR

07 October 2016  |  9488 views  |  0

Last week I joined attendees at CtrlShift’s Personal Information Economy event, where Elizabeth Denham, the UK’s new Information Commissioner, gave her inaugural speech.

Denham’s overriding message is critical for businesses: the EU’s General Data Protection Regulation (GDPR) will still apply to the UK post-Brexit. Denham made it clear that UK data protection legislation must be deemed essentially equivalent to GDPR if data is to flow between us and Europe.

The business implications are significant. GDPR represents a fundamental reshaping of data protection legislation, giving consumers more rights and placing an increased onus on businesses to secure private data.

As Denham made clear, the law enshrines the rights of consumers to give clear consent over how their data is used, as well as empowering them with new rights around data portability.

If businesses fail to comply with GDPR they face fines of up to four percent of turnover. 

However, for me the most significant element of Denham’s speech is that she sees legislation such as GDPR as necessary to underpin the so-called ‘Me2B’ economy, where consumers are able to benefit directly from the data they share with organisations. As Denham put it to the audience of business leaders: “It’s not privacy OR innovation – its privacy AND innovation”.

Consumer trust in data privacy is essential to business success.

Denham has put businesses on notice: we must embrace the idea of informed consent and be willing to work with customers in true ‘data partnerships’.

This means implementing a customer-driven approach to information sharing where the consumer is empowered to share and rescind their consent and their data. For compliance purposes, this approach demands that businesses capture consent in an auditable flow, as well as implementing a flexible and secure platform to manage data securely.

The good news is that digital rights management technology already exists that can enable business to evolve to this new data protection paradigm.

The challenge is time.

May 2018 will be here before we know it, and businesses now know they absolutely must be GDPR compliant by that date. The race is on.


TagsRisk & regulationBrexit

Comments: (0)

Comment on this story (membership required)

Latest posts from Stuart

GDPR 1 Year Countdown: Ready or Not?

30 May 2017  |  6176 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationBrexitGroupFinancial Services Regulation

Data is money: who is taking their fair share?

28 October 2016  |  10001 views  |  0 comments | recomends Recommends 0 TagsMobile & onlineInnovationGroupInnovation in Financial Services

Brexit Notwithstanding: GDPR Means GDPR

07 October 2016  |  9488 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationBrexitGroupFinancial Services Regulation

Can payments firms monetise data and meet new privacy laws?

16 August 2016  |  8824 views  |  0 comments | recomends Recommends 0 TagsPaymentsRisk & regulationGroupFinancial Services Regulation

Stuart's profile

job title Founder
location London
member since 2015
Summary profile See full profile »
Stuart Lacey is the founder and CEO of Trunomi, a company unlocking the power of customer data using consent & data rights. Trunomi provides customer consent & data rights management technology to com...

Stuart's expertise

Member since 2014
7 posts0 comments
What Stuart reads
Stuart's blog archive
2017 (2)2016 (4)2015 (1)

Who's commenting on Stuart's posts