May 25 2018 saw the official birth of GDPR. It will long be remembered as the day from which organisations handling or processing personal data belonging to EU citizens became accountable, fine-able, and responsible, in ways that had never before been quite
Now we can watch and wait to see who breaks the rules. Salutary lessons will come out of the first breaking story. Whether companies transgress by accident or through flagrant flouting of the rules, the penalties for non-compliance are well-publicised and
designed clearly as potent deterrents.
The shape of the General Data Protection Regulation
Just a reminder of what you need to have done by May 25:
- Systems: Have systems in place to ensure that this data is properly collected, stored, managed, processed and protected.
- Information: Be able to tell both individuals and regulators exactly what data you hold, provide access to it in a timely manner and, if required, delete it upon request.
- Best practice: Have safely disposed of all data that is no longer accurate, relevant or necessary to carry out the specific purpose for which it was collected.
- Security: In the case of a data breach, be able to advise the relevant authority within 72 hours, with details of the nature of the breach, its potential impact and remedial steps being taken.
Sound data management practice
For IT professionals, the task of consolidating disparate legacy systems and databases – and linking them so that any individual’s data can be retrieved at any time in its entirety regardless of location and presented in an intelligible format – has been
The most common approach has been the creation of a process automation layer that weaves together disconnected databases, allows legacy systems to communicate with each other and extracts the relevant information for any specific individual.
Necessity is the mother of innovation
Whilst the systems overhaul has been driven by compliance, organisations adhering to the letter of the law can now easily create full 360° views of individual customers which. For financial institutions one of the great opportunities will come from the ability
to provide a truly personal service to customers based on the insights they can glean from the information.
Organisations will be able to identify weaknesses in customer experience design across different channels and develop new services and offers with a greater relevance to customer behaviours and needs.
Trust in the digital age
As the finance sector continues relentlessly along the digital transformation path, banks, insurers and other institutions will find themselves handling increasing volumes of customer data. Although the data is a valuable asset, the daily challenges of running
a business on disjointed legacy systems have historically prevented organisations from deploying the asset for strategic advantage.
With its fundamental requirement for a seamless, integrated and joined-up approach to data, GDPR heralds the end of the period of digital disparity. It also acts as a much-needed first step towards restoring trust in the data economy. For some years, most data
stories to hit the news have been about careless mistakes and malpractice – data theft, loss, and misuse.
With GDPR in force, the people and organisations responsible for the breach will be identified, held to account and penalised. This rigorous policing and follow-through will eventually encourage the public to place greater trust in organisations to handle
their data appropriately. When this happens, everybody wins.
As more and more of our financial lives move into the digital realm, the ability to engender trust by adhering to sound data management practices will become more than a hygiene factor; it will become a competitive differentiator.
As with any legislative shake-up there will be winners and losers. Financial services organisations that go beyond compliance and embrace the opportunities presented by GDPR by building trust and delivering a more personal customer experience will be the
ones that come out on top.