GDPR Readiness in Financial Services — What You Need to Do
In our previous blog, we examined the impact of the General Data Protection Regulation (GDPR) on financial services institutions. In today’s blog, we’ll look at the actions financial institutions need to take to ensure readiness.
First, let’s debunk the myth that because there is just a little more than a month left to the compliance deadline, everyone is ready for GDPR. It just isn’t so. According to Forrester, “One in three firms believes they are GDPR-compliant today — but they may not be.”
Perception vs. reality
Forrester research reveals that many firms haven’t engaged in data discovery, nor have they run gap analyses to identify potential holes in their compliance with the provisions of GDPR. Without an appropriate gap analysis, many financial institutions and other organisations will be unable to establish a base-level awareness of where personal data resides, where and how it is processed, and whether their employees have a deep understanding of the regulation. A thorough analysis will show and assess the current level of compliance with GDPR. Once this analysis is complete, the confusion between perceived GDPR readiness and actual GDPR readiness will be reduced, and financial institutions can work toward identifying and prioritising the key work areas they must address to be compliant. Approached in this way, GDPR preparedness will no longer look like a checklist of individual activities, but rather a comprehensive compliance programme that is auditable and will sustain the evidence needed for GDPR accountability.
What to do: get a true picture of your preparedness through a thorough gap analysis.
Importance of a holistic approach
In each of the blogs in this series, we’ve talked about the importance of a comprehensive approach to GDPR compliance. With so many, often disparate, groups within financial institutions dealing with consumer data, GDPR compliance cannot be achieved if it is handled as a one-off, siloed project. Such approaches are short-sighted: they will most likely need radical revision after GDPR comes into force or, even worse, result in significant fines of up to 4% of annual global turnover or €20 million, whichever is greater. There are many critical functions within a financial institution that utilise consumer data: everything from fraud detection, to compliance and regulatory requirements, to risk management and marketing. The only way to achieve and maintain GDPR compliance is through cross-organisational collaboration with the support and involvement of senior management.
What to do: involve the entire organisation, including employees, senior management, and investors in the creation of a plan that is prioritised from the perspective of the data subject.
Having prior experience with regulators is an asset
GDPR is meant to protect and empower all EU citizens’ data privacy across all industries. Highly regulated industries, like financial services, will be better positioned to achieve and maintain compliance because they have already established strong internal compliance and data protection teams. Greater exposure to other kinds of regulatory requirements leaves financial institutions better suited to navigate the complexity of GDPR processing activities, and they will likely have less confusion interpreting the requirements. In this advantageous position, the financial services industry may be the first to view GDPR as a business opportunity, and not just a regulation to comply with. With its focus on improving transparency, GDPR compliance could be a driver that strengthens customer confidence in financial services.
What to do: regulation is nothing new in financial services; leverage the talent you already have within your organisation.
With Appian, financial institutions can meet the deadline for GDPR compliance in a first phase, then adapt to meet new requirements as they arise. This approach allows for additional development and modifications once the regulation comes into force and its impact on the business is better understood.
Learn More on This Edition of AppianLIVE Expert Cut
To hear more about compliance and the GDPR challenge, tune in for our latest edition of AppianLIVE Expert Cut. This interview with Appian leaders in financial services explains how the Appian low-code development platform provides powerful case management and intelligent automation — including Robotic Process Automation (RPA) and Artificial Intelligence (AI) — required for GDPR preparedness and digital transformation success.