
Right now if there is one thing looming large on the radar of senior banking executives, it’s GDPR. The General Data Protection Regulation comes into force a year from now. It will usher in a new data management regime for any organisation collecting, storing or processing personal data.
The UK may be leaving the EU but this is one legal instrument that’s not up for negotiation: government has made clear that the GDPR in all its detail is here to stay.
What is changing?
For banks and financial groups the introduction of GDPR represents a major challenge, specifically in relation to the way they hold customer information. It will require comprehensive change across IT estates.
At its core GDPR is about giving control to the customer, so:
Sanctions that cannot be ignored
As they face up to their obligations in this new legal landscape banks will be forced to acquire new functions and capabilities. So there is likely to be a significant shift both in corporate mindsets and day-to-day working practices. There has to be. The penalty structure under GDPR (up to 4% of annual global turnover or EUR20 million) is severe.
At board level the sanctions underpinning the regulation have not gone unnoticed. How much would a company need to invest internally to avoid a fine of 4% of turnover for example? There is no clear view on how serious non-compliance would have to be to attract a sanction at the upper level. As a result of this uncertainty we may well see substantial restructuring manoeuvres by global corporates attempting to mitigate the risk of damaging penalties.
Three first steps for dealing with GDPR
Larger organisations have certainly started to appoint senior executives to data protection and privacy ownership roles. But smaller companies don’t seem to have got to grips with what they need to do to comply with GDPR. That’s a concern. Understanding the regulations is the key starting point – helping to calculate where best to deploy valuable technical resources.
Undoubtedly GDPR will disrupt the banking industry. We’ve even heard it suggested that one way of dealing with the enormous changes would be to simply delete all customer data and start over! But keep in mind that GDPR is not altogether new territory. It builds on existing rules and dovetails with the whole area of data security. From CGI’s own work we have seen how many financial services groups already treat data security and GDPR as a top priority.
What challenges are you facing around GDPR? We would like to get your comments and continue the discussion.
Neil Sadler is a Senior Vice President and Business Unit lead for our ‘London’ Business Unit, which includes our Metro markets across the region and our Banking, Financial Markets and insurance business.