It’s time to face the music: the General Data Protection Regulation (GDPR) is now very real.
GDPR is no longer ‘that law going into force at some point in the distant and hazy future’; it is now ‘that law that is a reality.’ On May 25th, 2018, after a two-year transition period following its adoption, GDPR officially became enforceable. Enormous amounts of time, energy, and attention have been spent interpreting the regulation’s requirements and translating them into concrete policies.
Despite all of this preparation, and even with the deadline having passed, the big question many financial institutions still face is, “Are we ready?”
o Did your firm complete an analysis of how personal data flows into, across, and out of your institution?
o Did your firm complete a review of how consent is obtained at first request and managed on an ongoing basis?
o Does your firm have processes in place to respond to individuals exercising the following rights: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, and the right to object?
Accountability and governance
o Does your firm have a data protection policy statement to show accountability?
o Does your firm have data protection training for staff?
o Did your institution complete a business impact analysis of the risks connected to personal data?
Data security, international transfers, and breaches
o Does your firm have an information security policy statement that commits you to processing personal data with an appropriate level of security?
o Did your firm put an effective process in place to detect, assess, and address personal data breaches?
It’s obvious from the above figure that some European companies still weren’t compliant with GDPR two months before it was due to go into effect. In fact, according to iWelcome’s study, “The State of GDPR-readiness in Europe,” GDPR readiness barely changed between November 2017 and February 2018.
As the figure highlights, organizations are still struggling to keep up with regulatory change. To adapt to such changes, and to use the strategic innovation potential they bring, it’s becoming clearer by the day that policies and procedures need to be embedded in flexible, holistic tools that will outlast the next regulation. This lets organizations streamline data handling and enforce rules, checks, and security controls with less effort and at lower cost, freeing up resources to support the business in taking advantage of regulatory change rather than merely reacting to it.