The General Data Protection Regulation (GDPR) went into effect in May 2018. More than one year later, most financial organizations—including banks, payment and trading services, and global exchanges, as well as the companies that rely on them—are struggling to maintain GDPR compliance.
While prohibitive costs and the derailment of other, higher-priority initiatives may be partially to blame, a lack of internal data processes has only exacerbated the problem. Setting a foundation to assist with GDPR compliance will benefit financial organizations in the long run.
Due to the vast amount of information that banks and other financial organizations typically require from customers, business and consumer data may be scattered across dozens of applications and databases. Since banks and financial institutions often share customer data with one another, customers’ data may also be distributed between enterprises in any single financial institution’s ecosystem.
This can be problematic when it comes to the “right to be forgotten” aspect of GDPR compliance. Locating and erasing the entirety of a customer’s data can be difficult, especially when that data has been spread and copied across a wide array of business partners and applications. It also presents a problem surrounding the security of customer data. When data is copied to multiple storage locations it becomes much more difficult to secure without an integration strategy in place to help identify these data silos.
To meet the regulations of GDPR and other data-protection mandates like the California Consumer Privacy Act (CCPA), which is slated to go into effect in January 2020, financial organizations must understand intrinsically where across their ecosystem customer data is being stored in the first place. This is not always an easy task, but once that understanding is in place, organizations must also determine a way of synchronizing that data between applications.
A cohesive integration strategy that considers the entire ecosystem helps to provide an underlying data infrastructure and allows financial organizations to easily locate and access any type of data, including customer data. This is advantageous to a financial institution beyond simply checking the figurative boxes to comply with regulations like GDPR and CCPA as they are rolled out.
As the availability of customer and alternative data becomes more complex and diverse in coming years, regulations will also become more complicated and diverse. Maintaining a holistic view of the financial institution’s ecosystem and data silos will help simplify future compliance.
The obvious benefit of GDPR compliance is to avoid severe fines that could add up to 4% of annual global revenues. In the Netherlands, for example, regulators fined a Dutch bank €48,000 (approximately $53,275) for its failure to respond in a timely fashion to a customer’s data request.
However, the general purpose of these mandates and resulting fines is to protect customer privacy, strengthen customer trust, and provide an opportunity for the expansion of digital services financial institutions can offer their customers. Regulations are already being rolled out in addition to GDPR. In the United States, nine states other than California now have similar legislation in draft form based on GDPR and CCPA.
Some 65% of surveyed consumers said that they would stop using a brand that was dishonest about how it was using their data. And an average of 56% of U.S., U.K., French, and German respondents said they would feel inclined to blame a company that loses their personal data above anyone else, even the responsible hacker that stole their data!
This shows that if companies are transparent and honest about the data they’re collecting from consumers and take preventative measures to ensure that they can safeguard and easily access customer data, they can avoid losing customers due to a lack of trust.
Being prepared to meet GDPR, and other upcoming regulations, means financial organizations must prioritize a solid, navigable data-infrastructure system. They must look at their organization’s infrastructure on a broader scope. The idea is to approach the regulatory problem with a holistic view to achieve a solution that enhances data management and visibility, rather than simply attempting to meet the specific requirements as particular sets of regulations are rolled out.
—Dave Brunswick is vice president of solutions at Cleo, Rockford, Ill.