
Brexit Notwithstanding: GDPR Means GDPR

Last week I joined attendees at CtrlShift’s Personal Information Economy event, where Elizabeth Denham, the UK’s new Information Commissioner, gave her inaugural speech.

Denham’s overriding message is critical for businesses: the EU’s General Data Protection Regulation (GDPR) will still apply to the UK post-Brexit. Denham made it clear that UK data protection legislation must be deemed essentially equivalent to GDPR if data is to flow between us and Europe.

The business implications are significant. GDPR represents a fundamental reshaping of data protection legislation, giving consumers more rights and placing an increased onus on businesses to secure private data.

As Denham made clear, the law enshrines the rights of consumers to give clear consent over how their data is used, as well as empowering them with new rights around data portability.

If businesses fail to comply with GDPR they face fines of up to four percent of turnover. 

However, for me the most significant element of Denham’s speech is that she sees legislation such as GDPR as necessary to underpin the so-called ‘Me2B’ economy, where consumers are able to benefit directly from the data they share with organisations. As Denham put it to the audience of business leaders: “It’s not privacy OR innovation – it’s privacy AND innovation”.

Consumer trust in data privacy is essential to business success.

Denham has put businesses on notice: we must embrace the idea of informed consent and be willing to work with customers in true ‘data partnerships’.

This means implementing a customer-driven approach to information sharing, where the consumer is empowered to share and rescind both their consent and their data. For compliance purposes, this approach demands that businesses capture consent in an auditable flow and implement a flexible and secure platform to manage data.

The good news is that digital rights management technology already exists that can enable businesses to evolve to this new data protection paradigm.

The challenge is time.

May 2018 will be here before we know it, and businesses now know they absolutely must be GDPR compliant by that date. The race is on.

 


Stuart Lacey, Founder, Trunomi

Member since: 20 Nov 2014

Location: London


This post is from a series of posts in the group:

Financial Services Regulation
