The EU General Data Protection Regulation (GDPR) has impacted financial services on a global scale
by Bethan Rees
GDPR was implemented on 25 May 2018, with the aim of harmonising data protection laws across Europe and giving people more protection over how their data is stored and used. More than a year on, how has the financial services sector been impacted by the regulation?
Digital banking has seen challenges and opportunities as a result of GDPR. Brian Craig, legal director at UK law firm TLT, lists some in an article for World Finance.
GDPR has improved security procedures in how data is handled, and has “provided a useful example for other countries", he writes. It has shifted power towards consumers, who now have greater control of their personal information. In tandem with open banking (a secure way to give providers access to your financial information), GDPR allows consumers “to not only protect their data, but also to willingly share that data with third parties and fintech providers that offer innovative services”.
Another opportunity lies in the benefits of ethical data. With more of a customer focus on ethics when considering which good and services to buy, “maintaining an ethical approach to data is a significant advantage", writes Craig. Financial institutions have “rigorously complied with” GDPR and prioritised ethical handling of data, resulting in a “succinct and easily comprehensible data policy that consumers can engage with – which is good for keeping customers happy, as well as boosting corporate reputation”.
World Finance article
In the US there is a range of data privacy laws, including the California Consumer Privacy Act and Vermont’s recent data privacy law. However, corporate employees in the UK have a greater understanding of privacy laws than in the US, according to a survey by threat management company ObserveIT, reports Lance Whitney for TechRepublic.
The survey of 1,000 full-time employees in the US and UK finds that 59% of respondents say they handle sensitive information on a daily basis, but it’s how they are handling this data that the results shed light on.
Whitney explains that in the US, 53% of respondents aren’t aware of any federal or state regulations dictating how organisations manage customer data. Only 16% say they’re familiar with GDPR, 10% are aware of the California Consumer Privacy Act, and 3% mention Vermont’s data privacy law, while 51% say that they aren’t familiar with any of these.
But in the UK, 83% say “they know their responsibilities for data protection compliance as an employee since GDPR became law”.
While GDPR is a European regulation, many firms operate on a global scale, so US companies are still obliged to follow GDPR to protect European customers.
Tech Republic article
GDPR in the UAE?
The data protection rules are having an influence elsewhere. The UAE is looking to implement a new data protection and privacy law as part of its National Cyber Security Strategy to combat the growing threat of cyber crime, according to Mazhar Farooqui for Gulf News.
The new law by the Telecommunications Regulatory Authority (TRA) will include as many as 60 initiatives over a three-year timeframe through five pillars, which include enhancing cyber security laws, regulations to address cyber crime and building an ecosystem encouraging research and innovation in cyber security. These will be rolled out across several sectors, including finance.
Farooqui quotes Hamad Obaid Al Mansoori, director general of TRA, who explains why the new strategy is necessary. “Who does not worry about the dangers of the internet? Cyber space provides vast horizons and endless opportunities but at the same time it also provides a gateway for hackers and phishers. It’s therefore imperative for us to have a national strategy that takes into account emerging technologies and the risks that come with them.”
Gulf News article
How has GDPR impacted you? Leave your comments below.
Seen a blog, news story or discussion online that you think might interest CISI members? Email email@example.com.