April 19, 2018
The New Normal: A GDPR Preparation Checklist for Banks
It’s time to face the music: the General Data Protection Regulation (GDPR) is now very real.
GDPR is here and is no longer ‘that law going into force at some point in the distant and hazy future’ but is now ‘that law that’s a reality.’ On May 25th, after a two-year transition period since it was first adopted, GDPR officially became enforceable. A great deal of time, energy, and attention has been spent trying to put the requirements of this regulation into the right words.
Despite all of this preparation and even with the deadline having passed, the big question that many financial institutions are still facing is, “Are we ready???”
To answer this question, organizations need to evaluate how compliant they currently are with GDPR. Here's a 4-step checklist, based on ICO (UK Information Commissioner’s Office) guidelines, to help determine GDPR maturity:
Lawfulness, fairness, and transparency
- Did your firm complete a data flow analysis into, across, and out of your institution?
- Did your firm complete a review of consent, both for first-time requests and for its ongoing management?
- Does your firm have processes in place to respond to the following rights: right to be informed, right of access, right to rectification, right to erasure, right to restrict processing, right to data portability, and right to object?
Accountability and governance
- Does your firm have a data protection policy statement to show accountability?
- Does your firm have data protection training for staff?
- Did your institution complete a business impact analysis of personal data-connected risk?
Data security, international transfers, and breaches
- Does your firm have an information security policy statement which explains that you process personal data with the right level of security?
- Did your company put an effective process in place to spot, assess, and address data breaches?
[Figure: “The state of GDPR-readiness in Europe. A consumer perspective”, iWelcome, Feb. 2018]
It’s obvious from the above figure that some European companies weren’t yet compliant with GDPR two months before it was meant to go into effect. In fact, GDPR readiness hadn’t changed much since November of last year until February 2018, according to iWelcome’s study, “The State of GDPR-readiness in Europe.”
As the figure highlights, organizations are still struggling to keep up with regulatory change. In order to adapt to and use the strategic innovation potential of these shifts in regulation, it’s becoming clearer by the day how important it is to integrate policies and procedures into future-proof, flexible, and holistic tools. This will enable organizations to streamline data and enforce rules, checks, and security with less effort and costs involved, therefore freeing up resources to support the business in taking advantage of regulatory changes.
Appway's GDPR Infographic: 3 Steps Banks Can Take to Leverage the New Law
Chiara Gelmini, Business Practice Manager, Appway