GDPR Six Months Out – The View from Financial Services Industry

Editor’s Note:

We’re now less than six months away from the EU General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. Continuing our series of blogs exploring GDPR’s impact on various industries and digital identity, Nick Caley, VP, Financial & Regulatory, provides his perspective on how the regulation will impact banking and financial services organizations.

Financial Services organizations are often better prepared than most to step up to new regulation. Still, even the most seasoned risk and compliance veterans look ahead into 2018 with appropriate concern at the intersection of significant pieces of legislation. The year starts off with Open Banking and PSD2, mandated to both harmonize payments and foster innovation within the banking ecosystem. In May, the most comprehensive privacy law to hit the statute books in many years comes into enforcement: the GDPR. Its impact will be felt by every EU citizen and size of organization handling their personal data, and beyond the EU as well. At first glance these laws appear to be in opposition. On the one hand PSD2 and Open Banking enable approved Third-Party Access via APIs to sensitive bank account information. On the other hand, GDPR is a wide-reaching data protection law predicated on the protection of personal information, with swingeing penalties for non-compliance.

The Key is Consent

In reality, the regulators have made consent a key requirement of each of these laws, though it’s not mandated in all customer interactions. But given the distinct advantages consent brings, it’s always preferable to have it. Gaining and managing customer consent offers a bridge across the 2018 regulatory impact for banks and financial services more widely. Some institutions will rely on ‘Legitimate Interest’ as their lawful basis for processing personal data. Those stepping into a new model of shared data assets with full customer consent, however, will gain greater flexibility to work with personal data for the provision of new services and the selling of new products. Managing dynamic consent, captured in real-time interactions as a customer manages their account and then made visible in a Privacy Dashboard, increases the level of trust, as it delivers the choice, control and transparency that newly empowered consumers will start to expect.

Who Is Nick Caley?

Nick Caley is VP, Industries Financial & Regulatory, at ForgeRock. Nick speaks regularly at financial services and information security events in the EMEA region, and contributes regularly to publications including IT Pro Portal, ComputerworldUK and Payment Week.
