Future Proofing Privacy: GDPR Compliance in a Networked Banking System
REPORT PREVIOUSLY PUBLISHED BY OLIVER WYMAN
As the volume of data being generated about individuals increases, technology is making it ever easier for that data to be transferred, and ever more powerful analysis allows valuable insights to be gained from it. How companies collect, process, and protect data on their customers, staff, and suppliers has turned into one of the biggest debates of our decade.
On the one hand, digitisation brings opportunity: To enhance the customer experience, to drive down costs, and to create new business models that make use of digital assets. On the other, digitisation creates a raft of new threats: whether from competitors, who use their own digital assets to disrupt existing businesses, or from cyber-criminals able to steal or “spoof” digital identities, or from fraudsters who infiltrate the digital economy to perpetrate large scale financial crime.
The General Data Protection Regulation (GDPR), due to come into effect in May 2018, is one of the European Union’s (EU) legislative responses to this development. GDPR sets a common standard for how firms that operate in the EU should protect the personal data of their customers, employees, and suppliers. From 2018 onwards, individuals will have a range of rights that give them greater control over their data (such as famously, the “right to erasure”), while firms will face new obligations (including capturing and recording unambiguous consent for use of personal data).