What Should Financial Institutions Know About GDPR Compliance? | Appian Blog

What 5 Questions Should Financial Institutions Ask About GDPR Compliance?

Many financial institutions already have operations in the European Union or may have plans to expand in the future. If that is the case for your organisation, the General Data Protection Regulation (GDPR) rules will directly impact your institution’s usage and management of consumer data. Even if your website simply collects data on EU citizens, you must comply or face significant fines of up to 4% of annual global turnover or €20 million, whichever is greater.

According to Forrester Research:

“One in three firms believes they are GDPR-compliant today — but they may not be.”

Here are five questions to consider regarding your GDPR readiness:

  1. Is there cross-organisational understanding of GDPR?
    GDPR is more than a regulatory compliance issue — it fundamentally changes how financial institutions operate. To ensure compliance with GDPR, you’ll need a strong cross-organisational team. It may include your legal team, privacy team, marketing team, infrastructure architects, information security officers, and potentially an outside expert with special knowledge of the regulation. Successful financial institutions will approach GDPR holistically, and ensure that the entire organisation, including employees, senior management, and investors are focused on improving transparency in all areas affecting consumer data. The cultural shift that is necessary for adherence to this regulation is one that embeds privacy into the design and operation of IT systems, networked infrastructure, and all business practices — one that fosters continuous collaboration across teams.
  2. Do you have an omni-channel strategy?
    GDPR compliance will mean that financial institutions need to open their core systems to allow customers to control and release their data to connected marketplace products from third parties. To do this, the application programming interfaces (APIs) of the bank will need to be open and connected to external providers. Forward-thinking financial institutions will see this as a growth opportunity. Using multiple channels focused on serving the customer where, when, and how they prefer, financial institutions will be able to provide multiple points of contact with their customers whenever financial advice is needed. This will enable financial institutions to deepen the relationships with customers and become “digital advisors” that work behind the scenes, as a trusted partner, guiding the customer in their decision-making throughout their daily financial life.
  3. Can you quickly provide data to individuals who ask?
    Most financial institutions have contact centers that are operating 24x7x365. Delivering that breadth and depth of service, requires huge amounts of contact information data across a variety of communication channels. To comply with GDPR and quickly provide data to your customers, you must first have a handle on where all the data resides. Many financial institutions are burdened with multiple systems, which can make it difficult to quickly locate, transfer or remove data. To meet user requests regarding the use or deletion of their data in a reasonable amount of time, financial services providers must ensure they have high visibility into every instance of user data, how it is used, for what purpose, and by whom. Additionally, organisations must ensure they are only collecting the minimum amount of data required for the consented purposes. This presents an opportunity for cost savings by removing dead weight in the databases that can often contain duplicate and irrelevant information.
  4. Can you quickly erase personal data and comply with “Right to be Forgotten”?
    The “right to be forgotten” or the “right to erasure” of GDPR states the specific grounds for the right to request erasure of personal data. Financial institutions that maintain a comprehensive view of all processes and systems dealing with personal data will be best positioned to respond to requests for “data portability”, which gives consumers the right to request access to, or the removal of, their own personal data from banks without the need for any outside authorisation. This is another opportunity for financial institutions to differentiate themselves by delivering exceptional customer experiences. Rather than approach this as a regulatory requirement, they will be able to exceed customer expectations with their ability to rapidly respond to these requests.
  5. How can a digital platform enhance GDPR preparedness?
    Financial institutions that have technology built on an underlying end-to-end orchestration layer will have the governance, dynamic  business processes, and auditability necessary for compliance with GDPR. This approach allows older systems to work with new systems, without requiring retooling. With a stable, agile technology platform that preserves existing investments, financial institutions will be able to quickly modernize and adapt to comply with GDPR and deliver new functions and capabilities should the regulation continue to evolve and change due to legal test cases.

Learn More on This Edition of AppianLIVE Expert Cut

To hear more about compliance and the GDPR challenge, tune in for our latest edition of AppianLIVE Expert Cut. This interview with Appian leaders in financial services explains how the Appian low-code development platform provides powerful case management and intelligent automation — including Robotic Process Automation (RPA) and Artificial Intelligence (AI) — required for GDPR preparedness and digital transformation success.

SUBSCRIBE TO APPIAN WEEKLY!